Massive Verizon data breach exposes up to 14 million accounts
This story was updated at 1:07 p.m. ET.
If you're a Verizon customer, you need to change your PIN — the personal identification number you use when contacting customer service — right now.
A security firm revealed on Wednesday that information on millions Verizon accounts was exposed on an unsecured server. The information consisted of the subscriber's name, cellphone number, and the account PIN. The last element is obviously the crucial one: With the PIN, an attacker could fool a customer-service representative into giving them access to a subscriber's account.
SEE ALSO:The NotPetya ransomware may not actually be ransomware at all — it could be something worseWith free access to the account, an attacker could make whatever changes to service that they want, theoretically adding lines or specific features. Targeting wireless accounts is also a key way cyber criminals bypass two-factor authentication (2fa) on third-party services, since many users choose to get verification codes via SMS text messages because of their convenience.
Initial reports of the breach indicated 14 million accounts were exposed, but Verizon later put out a statement that said the number was actually 6 million. The security company, UpGuard, told Verizon about the exposed data on June 13, and Verizon had dealt with the problem by June 22, CNNreported. UpGuard is the same company that discovered unsecured voter registration data on the servers of an RNC contractor in June.
The exposed customer records were from call logs that get created when a Verizon user contacts customer service. The records go back six months, so only customers who called customer service had their account information compromised. Some PIN numbers were hidden but others were exposed. Verizon says the exposed data was for a "wireline portal," meaning the accounts were for residential and business wireline services (such as FiOS) and not Verizon Wireless. The cellphone numbers were part of the data for contact purposes.
So far Verizon has not provided a way for customers to check whether or not their data was exposed, so the safest thing to do right now is to change your PIN.
An Israeli company, Nice Systems, mistakenly designated the data, which was stored on an Amazon S3 server, as "public," ZDNetreported when it broke the story. Wireless carriers like Verizon often contract other companies to manage their customer service calls and the data they generate.
Correction:This piece was updated to reflect the information in Verizon's public statement on the breach, including the number of accounts (6 million), the nature of the accounts exposed, and the level of access a PIN grants.
Featured Video For You
This prosthetic is an extra thumb you never knew you needed
-
How 3D Game Rendering Works: TexturingMarco Rubio Florida polls: Bad.[News focus] Blame game between US, N. Korea adds to nuke talks uncertaintyUS prepared for diplomacy for denuclearization of North Korea: White House spokeswomanHow much will PCB's Champions Cup mentors be paid?Amazon Echo Look is first smart home device Kim Kardashian could loveThe parody accounts that make Twitter bearable in the era of TrumpUN panel recommends future NK sanctions focus on cyberattacksGoogle is bringing AI summaries to ‘Files’ so you can find your docs quickerFood is actually being served on iPads and it's my nightmare
- ·Apple finally sends out payments for MacBook's butterfly keyboard settlement
- ·[Newsmaker] Cho Kuk admits to ‘privileges,’ promises to hand over family
- ·Overseas travel ban imposed on minister nominee's family over corruption scandals
- ·[Newsmaker] Cho Kuk admits to ‘privileges,’ promises to hand over family
- ·The OLED Burn
- ·Tesla plans to double its charging network by the end of the year
- ·China's top diplomat returns home after Pyongyang visit
- ·N. Korea hosts dinner reception for China's top diplomat
- ·Best CPU Deals, AMD vs Intel: Holiday CPU Buying Guide
- ·S. Korea, Malaysia to hold 3rd round of FTA talks this week
- ·Makeup blogger's dad nails anti
- ·Justin Bieber's selfies (and bangs) are back
- ·A Barbie flip phone is here from HMD
- ·Vladimir Putin announces unexpected withdrawal of Russian troops from Syria.
- ·US prepared for diplomacy for denuclearization of North Korea: White House spokeswoman
- ·UN chief urges N. Korea to release all political prisoners
- ·Europe now has a huge AI gap, for better or for worse
- ·Marco Rubio Florida polls: Bad.
- ·Tesla's still losing money, but at least Musk isn't losing it on earnings calls
- ·UN panel recommends future NK sanctions focus on cyberattacks
- ·Apple iPod: The First 10 Years of the Ubiquitous Media Player
- ·China warns Trump again that he is 'playing with fire'
- ·North Korean defectors talk about escape, new life in South in English
- ·Navy holds int'l forum on maritime security cooperation
- ·Weather update for second Pak vs Ban second Test match day one
- ·[Newsmaker] S. Korea wraps up expanded military drills for Dokdo
- ·Ruling bloc seeks tougher sentences for deepfake sex crimes
- ·Now 1 Bitcoin buys you about 30 'MAGA' hats
- ·North Korean defectors talk about escape, new life in South in English
- ·[Herald Interview] Health Ministry pursues ‘people
- ·高燃!哨响表停赛不止,2024广东“村BA”开赛在即,一分钟带你重温高光瞬间。
- ·At least 1,000 more buses ask to park for Women's March than Trump's inauguration
- ·EA bleeped Colin Kaepernick's name from the 'Madden NFL 19' soundtrack
- ·Navy holds int'l forum on maritime security cooperation
- ·NASA rover snaps photo of its most daunting challenge yet
- ·Unroll.me's shadiness is exactly why people don't trust tech companies