Verizon, an American telecommunications company, just suffered an internal data breach affecting more than six million customer accounts.
The leak was caused by human error during the cloud storage setup process.
According to reports, the affected customers’ details were available for access during this period, leaking information such as names, telephone numbers and PIN codes.
The hack was discovered earlier this month by the California cybersecurity firm UpGuard.
Chris Vickery, a lead researcher at UpGuard, found that the leak was tied to the Israeli tech company and third-party Verizon vendor, NICE Systems.
The exposure occurred during a setup process meant to facilitate customer service calls, and it can be considered one of the most severe data breaches Verizon has faced in its 30+ years of service delivery.
Verizon confirmed that the customer data was, indeed, subject to a breach—but that no data was lost or stolen since the breach was internal.
UpGuard further conducted an in-depth analysis of how the event unfolded and discovered that, although not all PIN codes were visible, the ones that were left unmasked appeared right next to the customer’s phone number.
If hackers or rippers obtain customers’ PINs, an increase in attempted fraud, or in fraud itself, is to be expected.
Since the possibility of either happening is quite high, UpGuard Cyber Resilience Analyst Dan O’Sullivan mentions that, with the PINs, scammers can gain access to a person’s phone service if they can convince customer care agents that they are the bona fide account holder by providing the required details.
Because of the chances of fraud, Verizon customers have been advised to change their account PINs to stay secure and avoid falling victim to fraud.
O’Sullivan further advises that Verizon customers should avoid using the same PIN multiple times.
In an interview with CNN, O’Sullivan mentions that fraudsters could indeed cut off the real account holder’s access, since they would have disguised themselves as the legitimate owner.
For this to happen, they would need to receive a two-factor authentication (2FA) message, which they could use to alter the account settings.
For this reason, it is crucial for Verizon to formulate measures that will prevent further data leaks.
In addition, all Verizon customers should be made aware of the incident and advised on the next course of action to stay safe.
The incident has brought to light the fact that customer information is stored on external servers.
As such, third parties are in a position to access highly confidential information.
If the third party happens to be a fraudster, then the information will be misused.
The real question now is how much information is at the disposal of third parties. It is up to the respective companies to take precautions and put measures in place to ensure that their clients’ information is in safe hands, so as to avoid reputational damage and financial losses.
This is relevant not just to customers, but also to employees.
Their information, including details about salaries, age, family, health status, residence, etc., should be kept safe as well.
The relief in this scenario is that the information available in the leak was limited.
And, therefore, third parties could not access the full details about the client.
A report by The Washington Post states that the PINs cannot be used to access a customer’s online account.
Instead, PINs are only used for authentication purposes during a phone call between a customer service agent and the client.
Still, the fact that the leak was caused by the so-called “human error” of an employee at one of Verizon’s third-party vendors means that the situation could easily have been prevented.
All parties involved in this type of work therefore ought to carry it out with due diligence and ensure that a properly laid-out protocol is followed to prevent such incidents from recurring.
Perhaps if UpGuard were not in the picture to discover the leak, then it would have taken a lot longer for the issue to surface.
And because of that, the effects could have been far more severe.