The security vulnerability comes just one month after the company officially acquired Yahoo, which suffered the world’s largest hacks in 2014 and 2016.
CREDIT: AP Photo/Mel Evans, File
One month almost to the day after it acquired Yahoo, Verizon has suffered a major breach that exposed data belonging to an estimated 14 million customers who called Verizon’s customer service department in the last six months.
The breach occurred because an employee at the Israeli tech company Nice Systems, which is responsible for maintaining data storage for some of the world’s biggest companies, left an Amazon storage server unprotected, ZDNet first reported. The data was left vulnerable for six months, during which time anyone with the URL could download it.
The exposed data “had no external value,” Verizon said in a news release Wednesday.
The overwhelming majority of information in the data set had no external value, although there was a limited amount of personal information included, and in particular, there were no Social Security numbers or Verizon voice recordings in the cloud storage area.
Verizon also said the data set contained a limited number of cell phone numbers used to contact customers but did not elaborate on how that is quantified.
UpGuard’s cybersecurity researcher Chris Vickery, who also discovered a vulnerability that exposed about 200 million Republican voters’ data last month, found the security vulnerability in June. It took Verizon more than a week to patch it, ZDNet reported.
News of the Verizon breach comes on the heels of its official Yahoo acquisition — a deal that almost didn’t happen because of search engine’s own security problems. Yahoo suffered two massive data breaches in 2014 and 2016, which exposed data from more than 500 million users. The breaches nearly halted Verizon’s acquisition talks: The telecom giant slashed its purchase price by $350 million earlier this year and the federal government began investigating Yahoo’s culpability in the security breaches.
Verizon and Nice Systems are investigating the data breach.