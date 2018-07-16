US TELECOMS GIANT Verizon had millions of its customer records leaked by Israel-based company Nice Systems.

ZDNet reports that the records of up to 14 million Verizon subscribers were exposed after Nice Systems stored the data on an unsecured Amazon S3 server. This meant that all the records were open to being viewed and accessed by anyone on the internet who came across them.

Such a situation is depressingly common with Amazon S3 storage servers having their security overlooked by their users.

The customer records were chock-full of the usual personal data, including names, phone numbers, and account PIN numbers. If said data was used maliciously, it could allow cyber crooks and pranksters to gain access to a person's Verizon account or use that information to set up phishing attacks and scams.

Chris Vickery, director of cyber risk at security company UpGuard, discovered the vulnerable server and alerted Verizon to it, it took more than a week for the server to be secured; hardly a rapid response.

Verizon told ZDNet that it's looking into the how the data ended up being improperly stored on the Amazon S3 server.

"Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project," a Verizon spokesperson said. "Unfortunately, the vendor's employee incorrectly set their AWS storage to allow external access."

The spokesperson also noted that the data has no real external value and that there's been no sign of it being exploited out in the wild.

"There is some personal information in the data set," the spokesperson noted. "But as indicated earlier, there is no indication that the information has been compromised."

That may be that case, but it's still no excuse for having an unprotected sever holding private information. While Verizon wasn't really to blame in this case, it does show that it's worth being careful who you trust to manage your servers or other services for you. µ