A third-party vendor working with Verizon left the data of as many as 14 million US customers exposed on a misconfigured server. UpGuard Director of Cyber Risk Research spotted exposed names, addresses, account details, account personal identification numbers (PINs) and information fields indicating customer satisfaction tracking for as many as 14 million US customers. The data was contained on a misconfigured Amazon S3 data repository owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon.If an attacker were to access the information it would allow them to pose as customers in calls to Verizon and gain access to a user's account. Researchers described this scenario as “an especially threatening prospect, given the increasing reliance upon mobile communications for purposes of two-factor authentication.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street