14 million of Verizon’s customers have had their private details revealed on the world wide web by the mistake of NICE Systems, causing the telecom provider to suffer a data security breach.
The data was stored on a defenseless Amazon S3 cloud server, easy to download and allowing public access. It was discovered by Chris Vickery, director of cyber risk research at UpGuard.
Everything from names, PINs and phone numbers of millions of users have been exposed, making it easy for anyone to access a person’s account, the data being enough to pass the two-factor authentication.
The company whose mistake this security breach was is NICE Systems, based in Israel. Their service offers solutions for intelligence agencies, like surveillance and data security.
What’s interesting is that it appears that Verizon allowed the NICE Systems to monitor their operators stationed in the call-center and collect call details of their users in the meantime. All the customers who have contacted the provider in the past half a year are the ones with their information exposed.
Another interesting detail is that the exposed content showed a connection between NICE Systems and Orange, a telecom company based in Paris. It appears that NICE it collects Orange users’ data from Africa and Europe.
Within a week of Vickery contacting the provider, Verizon’s team managed to secure the information that has leaked. This is not the first time Vickery has busted revealed data sets online.
He also found Deep Root Analytics’ unsafe Amazon S3 server which showed data of almost 200 million Americans, which is 60% of the population of USA.
Another 60,000 documents have been found this March by Vickery, connected to a US military project for NGA, easily accessible for anyone.
He has been connected to two more major records leakage back in 2015 and another one in March this year.