Innumerable Verizon customer records – possibly millions – have been exposed by an Israeli technology company. The report was first published by publication ZDNet. The Data was found unprotected on the Amazon S3 Storage Server, which a Nice Systems’ employee reportedly controlled. The company is based in Israel. The storage server contained records of as many as 14 million subscribers who had called the carrier’s customer services in the past six months.
Considering that the server was unprotected, the data could have been downloaded by anyone having an easily guessable web address.
Watchdogs in the privacy sector have associated the Israeli company Nice with several governmental intelligence agencies. The company apparently works in tandem with phone cracking and surveillance companies such as Cellebrite and Hacking Team.
Verizon customer records leaked
Verizon was updated on this development by Chris Vickery, from UpGuard, a security firm. It was Vickery who found the data in late June and privately relayed the message to the company. It took a week for the officials to secure the data. The Verizon customer data details were found in log files that were created when a subscriber called the company’s customer service in the past 6 months. The interactions between the customer care executives and consumers were obtained, recorded, and analyzed by Nice.
The network operator uses the same data to improve customer service and verify account holders. Nice says that it can “realize intent” as well as “extract and leverage insights” and this can be done by just analyzing the same data.
The recorded data contained the customer’s mobile number, name, as well as their account’s PIN.
Per a Verizon customer care representative, who preferred to remain anonymous, this account PIN would grant any person the permission to access the subscriber’s account. The company currently has more than 108 million wireless customers on its post-paid network.
What did the folders contain?
Each month had its dedicated folders which started from January and ended in June.
Six folders were found for each month and included numerous daily log files, which apparently recorded the customer phone calls from many parts of the US. Each of these files was further subdivided into several fields of supplementary data, which included the customer’s email address, home address, their current Verizon account balance and many more details. The company even went on to have an additional field which recorded the customer's "frustration score." Verizon stated that it was looking into the matter and exploring o how the data was illegally stored on AWS.
