Nearly 6 million Verizon customers may be at risk after it was discovered that cloud storage for the cellular communications giant was hacked.
Customer data, including phone numbers and PIN identifiers, were made vulnerable after a cyber attack on Verizon's cloud storage systems, according to CNN.
The attack was executed on an Israeli-based third party that Verizon was using for its customer service support. The third party did not properly set up its security systems, leading to vulnerabilities.
UpGuard, a cyber security firm, discovered the leak and initially believed the hack to have affected nearly 14 million customers. ZDNet reported. A researcher looking into the Verizon hack believed that the Israeli-based customer support center that Verizon had outsourced its customer calls to was struggling to correctly modify its security settings.
Verizon uses cloud services provided by Amazon to store its troves of customer information and data. The Israeli company inadvertently made an error in setting up its end of the customer data access point, leaving the cloud public instead of private.
UpGuard believes the hack took place some time in the first six months of 2017.
Anyone with the private link could gain access to the Amazon cloud service where millions of pieces of customer data are stored. Hackers could then take the phone numbers and PINs and use them to impersonate the Verizon user on customer care phone calls, transferring service or cutting off service.
Dan O'Sullivan, researcher for UpGuard, advised Verizon customers to abandon their old PIN and choose a new one, making sure not to use the same one twice.
Changing passwords and setting up two-step authentication is always a good idea after a security breach where personal data may have been compromised.
Amazon Cloud Services, particularly the Amazon S3 storage unit, has had trouble with cyber security in recent months. In June, data from more than 200 million voters was exposed by a data analytics firm, and in July, 3 million users on the WWE website had their information leaked.
Security issues in the Amazon Cloud are usually caused by user error, says O'Sullivan. The servers are secured by default, meaning leaks are generally the result of a change in the cloud's security settings. It's generally an accident and goes unnoticed, he noted.
"Cyber risk is a fact of life for any digital service," O'Sullivan said. "As data becomes more powerful and more accessible, the potential consequences for it to be misused also becomes more dangerous."