14 MEEELLION Verizon subscribers' details leak from crappily configured AWS S3 data store

www.theregister.co.uk | 7/12/2017 | Staff
j.moomin (Posted by) Level 3
Click For Photo: https://regmedia.co.uk/2017/07/12/shutterstock_holes_in_bucket.jpg?x=1200&y=794

Another day, another leaky Amazon S3 bucket. This time, one that exposed account records for roughly 14 million Verizon customers to anyone online curious enough to find it.

The cloud-hosted repository, ironically owned by Israeli-based software security vendor NICE, contained terabytes of Verizon customer names, addresses, and account information – along with plenty of PINs, although the large majority of those were hashed.

Files - Folders - June-2017 - ZIP - Files

The files, found in folders labeled "Jan-2017" to "June-2017," include ZIP files containing as much as 23GB of text data apiece when extracted, and they looked like voice recognition log files from customer calls. In addition to personal information, the data showed the callers’ customer satisfaction levels (including “FrustrationLevel” –hope they had a large number range) and whether they had fiber on order.

The poorly secured data store was found by Chris Vickery’s virtuous vigilantes at UpGuard, who have made a habit of scouring Amazon buckets for interesting data. On June 8, they found the data in an open Amazon Simple Storage Service (S3) bucket with a subdomain “verizon-sftp,” and figured it was worth a look. They immediately got in contact with those concerned.

Exposure - Example - Risks

“This exposure is a potent example of the risks...
(Excerpt) Read more at: www.theregister.co.uk
13 other people are viewing this story
Wake Up To Breaking News!
Sign In or Register to comment.