UPDATED 22:23 EDT / JULY 12 2017

INFRA

14M Verizon customer records found on publicly available server

The personal information of 14 million customers of Verizon Communications Inc. has been discovered online thanks to what appears to be a security failure by a partner of the company.

The data was found on an Amazon Web Service Inc.’s S3 server controlled by an employee of Nice Systems Ltd., an Israeli firm that specializes in telephone voice recording, surveillance and, with no shortage of irony, data security as well.

According to an analysis published Wednesday by Chris Branch of the security firm UpGuard Inc., the data was exposed because of a misconfigured security setting on the server. “The data repository … appears to have been created to log customer call data,” Branch explained, before adding that the “data repository … was fully downloadable and configured to allow public access.”

Data within the repository is said to have been in the terabytes and included details including addresses, names, phone numbers account PINs and in some cases customer account balances.

The data itself related to log files that were generated by Verizon customers calling the company between January and June this year with the data being compiled to “realize intent and extract and leverage insights to deliver impact in real time.”

Verizon told ZDNet that it was investigating how the customer data had managed to find its way onto a publicly available S3 instance as part of an “ongoing project” to improve its customer service, presumably meaning making sure its customer details were not publicly available for download from the Internet.

“Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project,” the company added. “Unfortunately, the vendor’s employee incorrectly set their AWS storage to allow external access.”

The good news is that it appears that Branch was the only person to download the data, meaning that the details in the data repository are safe from bad actors. But the case once again highlights the need to make sure internal compliance measures are in place with both companies and their partners to make sure that careless mistakes like this that potentially could cause serious damage don’t occur in the first place.

Photo: jeepersmedia/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Support our open free content by sharing and engaging with our content and community.

Join theCUBE Alumni Trust Network

Where Technology Leaders Connect, Share Intelligence & Create Opportunities

11.4k+  
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+ 
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.

SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.