Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
65,002
33,190



Up to 14 million Verizon subscribers may have had their sensitive data exposed by Nice Systems, a partner of Verizon, reports ZDNet. Subscriber records from users who called customer service over the past six months were located on an unprotected Amazon S3 storage server controlled by Verizon partner Nice Systems.

The data, which included customer names, phone numbers, home addresses, email addresses, and account PINs, was accessible to anyone who found what ZDNet says was an easy-to-guess web address. That PINs were made available is concerning as a PIN is what's used to verify a customer's identify and make changes to an account.

verizonlogo-800x206.jpg
The customer records were contained in log files that were generated when Verizon customers in the last six months called customer service. These interactions are recorded, obtained, and analyzed by Nice, which says it can "realize intent, and extract and leverage insights to deliver impact in real time." Verizon uses that data to verify account holders and to improve customer service.
There were six folders for the months between January 2017 and June 2017, which included customer calls from several different US regions. Records included "hundreds of fields of additional data" beyond name, phone number, and PIN, like current account balance, a list of Verizon services, and more. No audio files were found, though the log files were based on calls. Some of the data was masked, but it's not clear what was hidden and what was exposed.

Verizon was informed of the leak in late June and it took more than a week for the information to be secured. Verizon told ZDNet it is investigating how information was improperly stored on the Amazon Web Services server. The company also said the "overwhelming majority" of the data has "no external value" and there's "no indication that the information has been compromised."
"Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project," said a spokesperson. "Unfortunately, the vendor's employee incorrectly set their AWS storage to allow external access."
Verizon customers who have called in to customer support over the course of the last six months should update their PINs as a precaution.

Update: Verizon released a press statement clarifying that no one accessed the data, so there was no theft or loss of customer information. Verizon also says that only 6 million unique customers were affected and those customers were part of its residential and small business wireline.

Article Link: Verizon Partner Exposes Data of Millions of Customers Who Called Customer Service [Updated]
 

Bawstun

Suspended
Jun 25, 2009
2,374
3,000
Fake news. None of that information was ever protected in the first place. Literally almost each and every thing about all of us is known - to those who want to know it.

We have no privacy in the digital age, 'hacked' or not. It is all available.
 
  • Like
Reactions: DeepIn2U

Mick-Mac

macrumors 6502a
Oct 24, 2011
515
1,168
"may have had their sensitive data exposed by Nice Systems"
after translating from Marketing to English becomes:
"had their sensitive data exposed by Nice Systems"
 

keysofanxiety

macrumors G3
Nov 23, 2011
9,539
25,302
Fake news. None of that information was ever protected in the first place. Literally almost each and every thing about all of us is known - to those who want to know it.

We have no privacy in the digital age, 'hacked' or not. It is all available.

Cool. In which case I'm sure you don't mind publically sharing your full name, phone number, email address and home address with us?

Allowing such information to become available to the public by simply following a URL which wasn't secured is far from "fake news". It's very much real news and very much an oversight that could have been easily avoided.
 

Bawstun

Suspended
Jun 25, 2009
2,374
3,000
Cool. In which case I'm sure you don't mind publically sharing your full name, phone number, email address and home address with us?

Allowing such information to become available to the public by simply following a URL which wasn't secured is far from "fake news". It's very much real news and very much an oversight that could have been easily avoided.

Coincidence that your username is keysofanxiety? I only meant to imply that any fear from this leak is the fake news. Everyone could know your address if they wanted to. Snapchat geocodes you. FB geotags you. Your phone tracks everywhere you go. Even this forum has your IP address and could make a discernible guess as to your location. Take pictures? The EXIF data extracted from those would give every location of any picture you've ever taken and posted to Instagram, etc.

And that's not even mentioning all of the rights we toss away whenever we click "I agree" to those lengthy TOS agreements that nobody ever reads. Or to say anything of the Patriot Act and the loss of those civil liberties.

People shouldn't get scared by this Verizon leak - that moment passed about 15 years ago.
 

keysofanxiety

macrumors G3
Nov 23, 2011
9,539
25,302
Coincidence that your username is keysofanxiety? I only meant to imply that any fear from this leak is the fake news. Everyone could know your address if they wanted to. Snapchat geocodes you. FB geotags you. Your phone tracks everywhere you go. Even this forum has your IP address and could make a discernible guess as to your location. Take pictures? The EXIF data extracted from those would give every location of any picture you've ever taken and posted to Instagram, etc.

And that's not even mentioning all of the rights we toss away whenever we click "I agree" to those lengthy TOS agreements that nobody ever reads. Or to say anything of the Patriot Act and the loss of those civil liberties.

People shouldn't get scared by this Verizon leak - that moment passed about 15 years ago.

All of that is true, yet it doesn't mean making such information readily available is appropriate.

There seems to be these sorts of comments every time there's any type of privacy leak and frankly I'm sick of reading it. "Who cares, if you're part of Google's ecosystem, or use Facebook, people know this stuff anyway. You think you're safe? LOL."

It's a hugely dismissive argument. Yes, people can always find stuff about you if they look hard enough or have the sufficient knowledge. There's no such thing as 'real privacy' on the Internet; nobody is denying that. But that doesn't somehow justify even more people or companies making it easier to do so.
 

lunarworks

macrumors 68000
Jun 17, 2003
1,972
5,213
Toronto, Canada
Fake news. None of that information was ever protected in the first place. Literally almost each and every thing about all of us is known - to those who want to know it.

We have no privacy in the digital age, 'hacked' or not. It is all available.
The leak contains account PINs, that number they ask to verify it's you. The other thing is it's millions of users all wrapped up in a tidy, effortless package. No need to spend time trawling for personal info.
 

WRChris

macrumors 6502a
Aug 17, 2016
680
949
Indiana
Coincidence that your username is keysofanxiety? I only meant to imply that any fear from this leak is the fake news. Everyone could know your address if they wanted to. Snapchat geocodes you. FB geotags you. Your phone tracks everywhere you go. Even this forum has your IP address and could make a discernible guess as to your location. Take pictures? The EXIF data extracted from those would give every location of any picture you've ever taken and posted to Instagram, etc.

And that's not even mentioning all of the rights we toss away whenever we click "I agree" to those lengthy TOS agreements that nobody ever reads. Or to say anything of the Patriot Act and the loss of those civil liberties.

People shouldn't get scared by this Verizon leak - that moment passed about 15 years ago.
Nothing about this is fake news. Do you know what that even means?

Also your assumption that everyone who uses Verizon customer service uses those other services you talked about seems ludicrous.

Should we not know that our PINs may be in the hands of someone other than the account holder or Verizon?
 
Last edited:

McFlyOz

macrumors member
Jul 22, 2015
76
107
Key Largo
The thing that struck me from this article is that the author said PIN number which is incorrect. It is a personal identification number, as such, already had the word number in the acronym. PIN number offends me as an English speaker.
 

gixxerfool

macrumors 65816
Jun 7, 2008
1,087
786
Glad I switched to T-Mobile. Verizon shut down my account so fast it made my head spin. Even the CSRs have trouble finding it.
 

SoN1NjA

macrumors 68020
Feb 3, 2016
2,073
2,184
Coincidence that your username is keysofanxiety? I only meant to imply that any fear from this leak is the fake news. Everyone could know your address if they wanted to. Snapchat geocodes you. FB geotags you. Your phone tracks everywhere you go. Even this forum has your IP address and could make a discernible guess as to your location. Take pictures? The EXIF data extracted from those would give every location of any picture you've ever taken and posted to Instagram, etc.

And that's not even mentioning all of the rights we toss away whenever we click "I agree" to those lengthy TOS agreements that nobody ever reads. Or to say anything of the Patriot Act and the loss of those civil liberties.

People shouldn't get scared by this Verizon leak - that moment passed about 15 years ago.
Instagram deletes all metadata from photos when they’re posted

I don’t use Facebook

And Snapchat isn’t allowed to use my location outside of the app
 

Bawstun

Suspended
Jun 25, 2009
2,374
3,000
Instagram deletes all metadata from photos when they’re posted

I don’t use Facebook

And Snapchat isn’t allowed to use my location outside of the app

Sure. You feel confident now. Lololololllllll
 

SoN1NjA

macrumors 68020
Feb 3, 2016
2,073
2,184
Sure. You feel confident now. Lololololllllll
Obviously my location isn’t the hardest thing in the world to acquire, but once I took my tinfoil hat off I realized not everyone has my location whenever they want
 

Apple_Robert

Contributor
Sep 21, 2012
35,263
51,626
In the middle of several books.
Why is it that Verizon hasn't contacted its subscribers to let them know about this? Not happy about the lack of contact. Thank you MR for posting the story. I changed my PIN just to be on the proverbial safe side.
 

willmtaylor

macrumors G4
Oct 31, 2009
10,314
8,198
Here(-ish)
Why is it that Verizon hasn't contacted its subscribers to let them know about this? Not happy about the lack of contact. Thank you MR for posting the story. I changed my PIN just to be on the proverbial safe side.
Because, while it was vulnerable, there was no indication that the information was accessed.

The Verge's write up made that clearer:

"CNN reports that the cause was a misconfigured security setting on the server. As a result, anyone who knew the web address could download the files. But Verizon says no other external party had access to the data, telling CNN that no loss or theft of customer information occurred."​
 
  • Like
Reactions: Apple_Robert

sleepydinosaur

Suspended
Oct 31, 2009
242
178
Paying off the FCC doesn't erase that. Verizon doesn't care though. What are you going to do, switch?
[doublepost=1499914622][/doublepost]
Because, while it was vulnerable, there was no indication that the information was accessed.

The Verge's write up made that clearer:

"CNN reports that the cause was a misconfigured security setting on the server. As a result, anyone who knew the web address could download the files. But Verizon says no other external party had access to the data, telling CNN that no loss or theft of customer information occurred."​
Well Verizon said it so it MUST be true.
 

B4U

macrumors 68040
Oct 11, 2012
3,662
4,267
Undisclosed location
The thing that struck me from this article is that the author said PIN number which is incorrect. It is a personal identification number, as such, already had the word number in the acronym. PIN number offends me as an English speaker.
It happens way too often, ATM machine, VIN number, LCD display, CAC card.

Given that all information other than the PIN were sold to third party anyway, Verizon just need to find some good excuses to cover up...
 
  • Like
Reactions: willmtaylor
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.