lauren@vortex.com
Date: Fri, 14 Jul 2017 07:51:23 -0700
via NNSquad https://www.upguard.com/breaches/verizon-cloud-leak
The data repository, an Amazon Web Services S3 bucket administered by a
NICE Systems engineer based at their Ra'anana, Israel headquarters,
appears to have been created to log customer call data for unknown
purposes; Verizon, the nation's largest wireless carrier, uses NICE
Systems technology in its back-office and call center operations. In
addition, French-language text files stored in the server show internal
data from Paris-based telecommunications corporation Orange S.A.--another
NICE Systems partner that services customers across Europe and Africa.
Beyond the risks of exposed names, addresses, and account information
being made accessible via the S3 bucket's URL, the exposure of Verizon
account PIN codes used to verify customers, listed alongside their
associated phone numbers, is particularly concerning. Possession of these
account PIN codes could allow scammers to successfully pose as customers
in calls to Verizon, enabling them to gain access to accounts--an
especially threatening prospect, given the increasing reliance upon mobile
communications for purposes of two-factor authentication.