Verizon Breach On AWS Server Exposes 14 Million Customer Records

Run for the hills! In one of the biggest data breaches of the past year or so, records of at least 14 million Verizon customers have been exposed, including phone numbers and account PINs of the subscribers.

As reported, a contractor working for the company left the data unprotected.

According to the details that have surfaced, the contractor for the Israel based Nice Systems, who probably no longer works there now, set up an AWS S3 server to store the records for the project they were working on for Verizon.

Apparently, lax security measures were put in place, and the information was left downloadable by anyone, with an easy to guess web address.

And this is quite interesting, because when setting up an S3 account with Amazon Web Services, the cloud giant actually sets the default permissions for the files uploaded in that bucket as private. So, whoever left the record exposed had to override the default settings.

Verizon has, however, confirmed that it believes no one actually accessed the data, which itself did not contain truly sensitive information like social security numbers or bank accounts.

But this episode does show that while storing data in the cloud is fine and dandy, it’s only as secure as you make it. It is very much a wake-up call for anyone that is using the public cloud and uploading sensitive information there.