Verizon Downplays Impact Of Customer Data Exposure

[Lucian Armasu]

Verizon responded to a report that 14 million of its accounts were exposed by a third-party vendor that stored the data in plaintext on a public Amazon S3 storage server.

Verizon Downplays Impact Of Customer Data Exposure : Read more

 

[hellwig]

I'm glad you state this:

"If these were mobile phone numbers, they could have allowed potential attackers access to customers’ Verizon accounts. This could have then further given the attackers access to online services that were protected by SMS-based two-factor authentication. Once the attackers could be identified as “customers” of Verizon, they could transfer the phone numbers to different phones and then receive the SMS tokens."

Because there was another story recently where someone was able to do exactly this, even without the PIN included in this leak. Human error was at fault there (apparently some operator felt sorry for the scammer) but if you have than PIN, that's the only thing that tells Verizon you are who you are. In that case, the lesson was do not tie a bank account to your PayPal account.

In this case, it appears to be Don't Trust Verizon, they will lie about the severity of the leak.

 

[10tacle]

I left Verizon earlier this year after being a six year customer (moving from AT&T). The final straw was them removing customer discounts for working for a vendor of theirs (mine was 20% which was big for an $80+ monthly bill). A friend of mine worked for them for years as a back end security programmer and he left due to incompetent and arrogant vertical management. They never listened to anyone. And now we have this. Idiots.