Major Verizon Data Breach: What to Do Now

UPDATED 8:20 a.m. ET Thursday (July 13) with a statement from Verizon.

Have you called Verizon customer service in 2017? Better change your account personal identification number (PIN), if you have one.

Credit: DayOwl/Shutterstock

(Image credit: DayOwl/Shutterstock)

Verizon told CNN that personal information pertaining to six million customers, including names, street addresses, email addresses, telephone numbers and account PINs, had been left exposed in a database on a third-party cloud server for an undetermined length of time.

UpGuard, the information-security company whose researcher, Chris Vickery, found the exposed database, contended in its report today (June 12) that the number of affected Verizon accounts might be closer to 14 million.

MORE: What to Do After a Data Breach

The unprotected cloud server was operated by NICE, an Israeli firm that handles customer-service operations for many large American companies.

Vickery, who specializes in finding unprotected data online, stumbled across the database by guessing its web address. He said it contained logs of Verizon customer-service inquiries beginning in January 2017.

Vickery notified Verizon of the exposed database on June 13, the UpGuard report states, but the database was not fully secured until June 22. There is no evidence that anyone other than Vickery accessed the data — but on the other hand, there's no evidence that no one did.

Although the logs made reference to voice recordings of customer-service calls, the UpGuard report said Vickery found none on the server.

It was not immediately clear whether the customer database pertained to Verizon wireless, landline or business customers, or a combination of any of the three.

Last month, Vickery revealed that he'd found data pertaining to nearly every registered U.S. voter on an unprotected online database run by a political analytics firm. That was the second time he'd done so. Last year, he found data pertaining to nearly 2,000 children in a server run by a parental-monitoring software firm.

Vickery also found data on the NICE server pertaining to Orange, a French cellular carrier that has operations in two dozen countries in Europe, the Middle East and Africa. That data appeared to be less sensitive.

UPDATE: Verizon has released a statement that reads, in part:

"We have been able to confirm that the only access to the cloud-storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information."

The statement goes on to imply that the telephone numbers involved are primarily from residential and business landlines, and that "the PINs are used to authenticate a customer calling our wireline call center, but do not provide online access to customer accounts."

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Online Security
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Best antivirus software
How does antivirus software work
and image of the Google Chrome logo on a laptop
Google Chrome at risk from shape-shifting browser extensions — how to stay safe
Green skull on smartphone screen.
Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
Android 12
Google March Android Security Update fixes two high severity vulnerabilities — update now
Latest in News
Galaxy Z Fold 6 shown in hand
Samsung Galaxy Z Fold 6 could finally get this feature from the best foldable phones thanks to One UI 7
OnePlus 13
OnePlus is ditching this iconic feature — and there's serious backlash
Horizon Forbidden West on PC
AI-powered PlayStation characters are being tested at Sony — what we know
(L-R) Will Smith as Robert Clayton Dean and Gene Hackman as Edward "Brill" Lyle in "Enemy of the State"
Prime Video’s top 10 has just been crashed by a ‘90s action-thriller with Will Smith — now's the perfect time to stream it
iOS 19 logo on an iPhone
iOS 19 could give your iPhone a whole new Vision Pro-inspired look
Asus VU Air Ionizer Monitor on desk with person relaxed in office chair
This Asus monitor acts as a makeshift air purifier — your allergies will thank you later