Tagged: Verizon Toggle Comment Threads | Keyboard Shortcuts

  • jkabtech 8:17 pm on August 24, 2017 Permalink | Reply
    Tags: , , , , , misconfigured, , Verizon   

    Millions of Verizon customer details exposed on misconfigured Amazon S3 server 

    Threat to two-factor authentication.

    A third-party vendor working with American telco giant Verizon left the data of as many as 14 million United States customers exposed on a misconfigured server, a security researcher has discovered.

    Security vendor UpGuard researcher Chris Vickery on 28 June spotted exposed names, addresses, account details, account personal identification numbers (PINs) and information fields indicating customer satisfaction tracking for as many as 14 million US customers.

    The data was contained on a misconfigured Amazon S3 data repository owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon, Vickery wrote.

    If an attacker had accessed the information, it would have allowed them to pose as Verizon and contact the telco to gain access to users’ accounts.

    The scenario is an especially threatening prospect, given the increasing reliance upon mobile communications for purposes of two-factor authentication.

    The data repository appears to have been created to log customer call data for unknown purposes.

    It was fully downloadable and configured to allow public access. All one would need to access the data was the S3 bucket’s URL.

    Verizon said it was able to confirm there was no loss or theft of the information.

    “An employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access,” a spokesperson said. 

    “We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention.”

    Despite Verizon’s claims researchers criticised the insecure practice highlighting the frequency of information left exposed on Amazon S3. 

    The recent WWE, US voter records, and Scottrade leaks also exposed sensitive information through mismanaged AWS S3 servers, co-founder and chief executive of cloud security vendor Dome9 Zohar Alon said.

    “Storing sensitive data in the cloud without putting in place appropriate systems and practices to manage the security posture is irresponsible and dangerous,” Alon said.

    “A simple misconfiguration or lapse in process can potentially expose private data to the world and put an organisation’s reputation at risk.”

    He said these examples highlighted how a single vulnerability, security or process lapse in the public cloud is all it takes to expose highly sensitive private data to the world.

    Copyright © SC Magazine, US edition Tags:amazon aws privacy security upguard verizon By Robert Abel
    Jul 13 2017
    7:16AM Security is
    powered by

    View the Original article

    Advertisements
     
  • jkabtech 6:51 am on April 29, 2016 Permalink | Reply
    Tags: , , , , Verizon   

    Report: 1.5 million Verizon customers hacked 

    itemsPerPage:1 ,itemsPerTransition:1 ,speed:500 ,swipable:true ,nextPrevLinks:true ,container: ‘multi_promo_103495731_1’ ,currentNodeClass: ‘currentNode’ ,lazyLoad: false ,lazyLoadNext: false,responsive:false

    View the Original article

     
  • jkabtech 1:20 am on March 29, 2016 Permalink | Reply
    Tags: , , , , Verizon   

    Report: 1.5 million Verizon customers hacked 

    Thursday, 24 Mar 2016 | 4:22 PM ETCNBC.com

    A pedestrian talks on his cell phone while walking past the Verizon Communications Inc. headquarters in New York. Andrew Harrer | Bloomberg | Getty ImagesA pedestrian talks on his cell phone while walking past the Verizon Communications Inc. headquarters in New York.

    More than 1.5 million Verizon Enterprise customers had their contact information leaked on an underground cybercrime forum this week, according to cybersecurity blogger Brian Krebs.

    A security vulnerability, now fixed, provided an opening for the attacker, the business-to-business arm of the mobile and telecom giant told KrebsoOnSecurity. The breach involved basic contact information, not propriety network information, the company told Krebs.

    Prices of the customer data ranged from $10,000 to $100,000, Krebs reported.

    Verizon, used by almost all Fortune 500 companies, is widely known for its cybersecurity prowess, and releases an annual report on avoiding cyberthreats, Krebs wrote.

    Verizon told CNBC that impacted Verizon Enterprise customers are being notified, and no data about consumer customers was involved.

    For the full story, read more at KrebsOnSecurity.com.

    — CNBC’s Ryan Ruggiero contributed to this report.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel
%d bloggers like this: