Verizon data of 6 million users leaked online

Posted: Updated:
MGN Online MGN Online
(CNN) -

Verizon confirmed on Wednesday the personal data of 6 million customers has leaked online.

The security issue, uncovered by research from cybersecurity firm UpGuard, was caused by a misconfigured security setting on a cloud server due to "human error."

The error made customer phone numbers, names, and some PIN codes publicly available online. PIN codes are used to confirm the identity of people who call for customer service.

No loss or theft of customer information occurred, Verizon told CNN Tech.

UpGuard -- the same company that discovered leaked voter data in June -- initially said the error could impact up to 14 million accounts.

Chris Vickery, a researcher at UpGuard, discovered the Verizon data was exposed by NICE Systems, an Israel-based company Verizon was working with to facilitate customer service calls. The data was collected over the last six months.

Vickery alerted Verizon to the leak on June 13. The security hole was closed on June 22.

The incident stemmed from NICE security measures that were not set up properly. The company made a security setting public, instead of private, on an Amazon S3 storage server -- a common technology used by businesses to keep data in the cloud. This means Verizon data stored in the cloud was temporarily visible to anyone who had the public link.

ZDNet first reported the breach.

Related: Data of almost 200 million voters leaked online by GOP analytics firm

The security firm analyzed a sample of the data and found some PIN codes were hidden but others were visible next to phone numbers.

UpGuard declined to disclose how the leaked data was discovered.

Dan O'Sullivan, a Cyber Resilience Analyst with UpGuard, said exposed PIN codes is a concern because it allows scammers to access someone's phone service if they convince a customer service agent they're the account holder.

"A scammer could receive a two-factor authentication message and potentially change it or alter [the authentication] to his liking," O'Sullivan said. "Or they could cut off access to the real account holder."

Verizon customers should update their PIN codes and not use the same one twice, O'Sullivan advises.

The is the latest leak to surface from a misconfigured Amazon S3 storage unit. In June, an analytics firm exposed the data of almost 200 million voters, and earlier this month, an insecure server leaked 3 million WWE fans' data last week.

Why does this keep happening? Amazon secures these servers by default. This means the errors that occur are due to changes someone makes with a security setting -- typically by accident, O'Sullivan said.

O'Sullivan says the Verizon case highlights how many third-parties have access to our personal data.

"Cyber risk is a fact of life for any digital service," O'Sullivan said. "As data becomes more powerful and more accessible, the potential consequences for it to be misused also becomes more dangerous."

Check out these photos from across KAKEland snapped by our viewers, staff and local officials. Do you have a photo to share with us? Email it to news@kake.com.

MORE SLIDESHOWS HERE

  • Most Popular Stories

    • Thief targets an already grieving Wichita mother

      An already grieving Wichita mother was dealt another blow thanks to a thief.

    • El Dorado teen killed in crash in rural Butler County

      A vehicle filled with young adults was heading north when it went off Hopkins Switch Road.

    • Paul McCartney's take on Westboro protesters at Wichita concert

      Paul McCartney has his own take on Westboro Baptist Church protesters who gathered outside of Wichita's INTRUST Bank Arena ahead of the former Beatle's concert Wednesday night. 

    • Emails request changes inside prison

      Emails from prison workers obtained by KAKE News reveal specific concerns about conditions inside the El Dorado Correctional Facility. Specifically, the emails list security and protection concerns among guards. 

    • 'Speed enforcement blitz' in Kansas this weekend

      Drivers in Kansas may notice more traffic enforcement this weekend. That's because authorities are taking part in a "speed enforcement blitz" statewide. 

    • Hackers of Kansas data system got Social Security numbers of millions in 10 states

      Hackers who breached a Kansas Department of Commerce data system used by multiple states gained access to more than 5.5 million Social Security Numbers and put the agency on the hook to pay for credit monitoring services for all victims.

    • Bethel College hires husband-wife coaching duo to lead women's basketball program

      Bethel College will welcome its second husband-wife coaching team with the appointment of Drew Johnson, head women’s basketball coach, and Nicole (Ohlde) Johnson, assistant coach. Athletic Director Tony Hoops announced the hires July 20, following the resignation earlier this month of Adam Esses, who took a position at the University of Texas-San Antonio, an NCAA Division I school. “I could not be more pleased to have Drew and Nicole join our Bethel College athletic staf...
    • Conviction upheld in murder of Wichita radio station employee

      The Kansas Supreme Court today affirmed convictions in the beating death of a Wichita radio station employee.   

    • Teens may face charge after watching man drown

      Authorities in Florida say a group of teens who watched, laughed and made a video as a man drowned in a retention pond can be charged with failure to report a death.

    • Union: El Dorado prison forcing officers to work 16-hour shifts

      A union representing Kansas state employees says some officers at the state's maximum-security prison outside El Dorado are being required to work 16-hour shifts.