Verizon claimed its about 6 million customer’s personal details that got leaked, including the PIN codes. They have advised to change the credentials.
Verizon is the latest to find itself at the receiving end of a huge security breach that affected millions of its customers. The telecom service provider confirmed the personal data of at least 6 million of its customers have been leaked online.
The leak is being attributed to a human error on part of a third party vendor that was helping Verizon enhance its customer services. As things have emerged, an employee of Nice, the Israel based firm accidentally left a key setting as public instead of private.
This led to customer’s private records to appear online when it should have been hidden from public view. Among the data that got leaked include the names and addresses along with even the secret PIN numbers.
The leak meanwhile was discovered by Chris Vickery, a researcher at the security firm UpGuard, who promptly brought it to the notice of Verizon. Verizon first got whiff of the damage on June 13 though it wasn’t until June 22 that the leak eventually got plugged.
UpGuard also claimed it is about 14 million accounts that are likely to be affected. What is particularly damaging is the revelation of the secret PIN codes. Verizon uses the PIN for customer authentication before attending to their calls.
As such, those in possession of the PIN could easily claim themselves to be the customers with the genuine customer having no inkling of it. They might even change the codes, something that the real customer might never get to know of.
The easiest way out for the customers will be to change their PIN codes immediately, something that applies to all Verizon users irrespective of their data having been leaked or not.
The leak also highlights the potential danger that out personal data faces in the hands of large companies that often resort to third-party vendors for various services. In Verizon’s case, while the data was stored on Amazon S3 servers which again are among the most secured, maybe the need of the hour is to adopt more secured software practices where there are more heads involved when dealing with key security issues.