Verizon has revealed that the personal data of six million users were exposed online.
Verizon spoke to CNN about the data breach, telling them that the leak was caused by “human error” and a misconfigured security setting on a cloud server rather than a sophisticated cyber attack. As a result of this human error, the phone numbers, names, and PIN codes of around 6 million users became publicly available online.
The leak of PIN codes is extremely troubling given that they are used by Verizon to confirm the identity of a customer when they call customer service, allowing access to sensitive financial and personal details relating to their Verizon account.
Verizon, however, claims that no loss or theft of customer information occurred as a result of the data leak. The data leak was reported to Verizon on June 13th and the security issue was fixed by June 22nd.
The security issue arose from an incorrect security setting on an Amazon S3 storage server. A particular setting was set to public rather than private, meaning that anyone with access to the public link to the Verizon cloud was able to access the personal user data.
In June, Verizon completed its $4.5 billion acquisition of Yahoo. In 2016, Yahoo disclosed two different data breaches that had compromised the user information of 500 million and one billion users in each case.