20 Jul Millions of Verizon Customer Records Exposed in Security Lapse
It appears that Verizon Wireless suffered a major security incident when as many as 14 million records were found on an unsecured Amazon S3 storage server belonging to a business partner. The customer records were contained in log files that were generated when Verizon customers called customer service over the course of the last six months. Each record included a customer’s name, a cell phone number, and their account PIN — which if obtained would grant anyone access to a subscriber’s account. Each record also contained hundreds of fields of additional data, including the customer’s home address, email addresses, what kind of additional Verizon services the subscriber had, the current balance of their account, and if the subscriber has a Verizon federal government account
The company is still investigating why the sensitive data was not properly secured on the Amazon Web Services (AWS) server, but it appears that an employee incorrectly set the AWS storage to allow external access.
We don’t know if the configuration error was intentional, but according to reports from ZDNet, unauthorized individuals accessed the data and Verizon Wireless failed to detect the intrusion and data exfiltration. Verizon learned of the security incident from a third-party security firm. This implies that Verizon Wireless did not have an effective UEBA solution in place.
Although we don’t know the particular circumstances or details of this security incident, on the surface it appears that had a basic UEBA solution been in place, it would have detected this breach early on, and would have spared Verizon from the embarrassing lapse in security. It would also have saved 14 million users the pain and trouble of having their personal financial information disclosed and potentially used without authorization.
Hopefully, Verizon and others who are monitoring this incident will learn from the experience and deploy the necessary tools to detect when configuration errors lead to unauthorized access.