Verizon data of 6 million users leaked online

Posted: Updated:
MGN Online MGN Online
(CNN) -

Verizon confirmed on Wednesday the personal data of 6 million customers has leaked online.

The security issue, uncovered by research from cybersecurity firm UpGuard, was caused by a misconfigured security setting on a cloud server due to "human error."

The error made customer phone numbers, names, and some PIN codes publicly available online. PIN codes are used to confirm the identity of people who call for customer service.

No loss or theft of customer information occurred, Verizon told CNN Tech.

UpGuard -- the same company that discovered leaked voter data in June -- initially said the error could impact up to 14 million accounts.

Chris Vickery, a researcher at UpGuard, discovered the Verizon data was exposed by NICE Systems, an Israel-based company Verizon was working with to facilitate customer service calls. The data was collected over the last six months.

Vickery alerted Verizon to the leak on June 13. The security hole was closed on June 22.

The incident stemmed from NICE security measures that were not set up properly. The company made a security setting public, instead of private, on an Amazon S3 storage server -- a common technology used by businesses to keep data in the cloud. This means Verizon data stored in the cloud was temporarily visible to anyone who had the public link.

ZDNet first reported the breach.

Related: Data of almost 200 million voters leaked online by GOP analytics firm

The security firm analyzed a sample of the data and found some PIN codes were hidden but others were visible next to phone numbers.

UpGuard declined to disclose how the leaked data was discovered.

Dan O'Sullivan, a Cyber Resilience Analyst with UpGuard, said exposed PIN codes is a concern because it allows scammers to access someone's phone service if they convince a customer service agent they're the account holder.

"A scammer could receive a two-factor authentication message and potentially change it or alter [the authentication] to his liking," O'Sullivan said. "Or they could cut off access to the real account holder."

Verizon customers should update their PIN codes and not use the same one twice, O'Sullivan advises.

The is the latest leak to surface from a misconfigured Amazon S3 storage unit. In June, an analytics firm exposed the data of almost 200 million voters, and earlier this month, an insecure server leaked 3 million WWE fans' data last week.

Why does this keep happening? Amazon secures these servers by default. This means the errors that occur are due to changes someone makes with a security setting -- typically by accident, O'Sullivan said.

O'Sullivan says the Verizon case highlights how many third-parties have access to our personal data.

"Cyber risk is a fact of life for any digital service," O'Sullivan said. "As data becomes more powerful and more accessible, the potential consequences for it to be misused also becomes more dangerous."

Check out these photos from across KAKEland snapped by our viewers, staff and local officials. Do you have a photo to share with us? Email it to news@kake.com.

MORE SLIDESHOWS HERE

  • Most Popular Stories

    • Police are searching for suspects in Dollar General robbery

      The Dollar General in the 4500 block of East Pawnee was robbed Saturday evening. 

    • Art exhibit highlighting LGBTQ canceled at catholic university

      Newman University has canceled an art exhibit highlighting members of the LGBTQ community that are from Kansas. 

    • One person critical after west Wichita crash

      One person has been seriously injured after a crashed into a business in west Wichita. Police were called to the scene just after 6 Saturday evening when a vehicle crashed into the front of a store in the 3000 block of West 13th street. One person was not breathing when they were taken to the hospital, according to dispatch. The cause of the accident is believed to be a medical issue, but police are still investigating.

    • Inmate missing out of Osborne County

      Police in Osborne County are asking residents to be on the lookout for an escaped inmate.  Authorities say Joel Wagoner escaped the Osborne County jail Friday around 2:42 p.m. 

    • Missing man found safe

      Wichita Police are reporting missing man was found and is safe. 

    • Mother raising 'genderless' baby defends her family's decision

      The mother of Storm Stocker, the Canadian baby being raised with only a few people knowing his or her sex, defended her family's choice to raise their child without regard to gender.

    • Wichita police chief addresses illegal gambling indictments

      A total of six men have been indicted as part of an illegal gambling investigation in Wichita. Three of those charged were law enforcement officers in the community.

    • Singer Ed Sheeran announces engagement on Instagram

      Ed Sheeran has announced his engagement to girlfriend Cherry Seaborn.
    • Billy Preston leaves Kansas for pro ball in Bosnia

      Kansas freshman and presumed one-and-done forward Billy Preston is officially moving on from the University of Kansas and signing with a professional basketball team in Bosnia.

    • Man killed in motorcycle crash in south Wichita

      Wichita police say a 37-year-old man died after his motorcycle collided with a minivan on the city's south side.