13 Jul 2017
It’s a cautionary tale of why you should make sure any vendors you use are as tight with their security as you are. (Or tighter.)
The data, which included names, phone numbers, and PINs of Verizon customers who had called the mobile provider’s customer support in the last six months was left on an Amazon cloud server. It was publically accessible and available for anyone to download by NICE Systems, a vendor used by Verizon. The information would even allow someone to bypass two-factor authentication.
NICE Systems is an Israeli company that offers services to intelligence agencies. Amond those services are data security and surveillance, including phone recordings. While that sounds ominous, it’s thought that Verizon uses NICE Systems to monitor their call center representatives for call quality monitoring.
The data also shows that NICE Systems has been working with Orange, a telecom based in Paris. NICE appears to have been collecting data on Orange customers in Africa and Europe.
The vulnerable data was reported by Chris Vickery at UpGuard, a cybersecurity firm. He alerted Verizon of his findings in late June and the problem was fixed within a week. It’s not known whether any hackers found the information as well, but the whole thing just goes to show how one weak link can cause massive problems.