Security experts recommend Verizon customers change their PINs
In a statement, Verizon said that there was no loss or theft of the exposed information, that the account PINs do not provide access to online accounts, and that other valuable data was leaked.
The data included customers’ names, addresses, account details and their Verizon personal identification number. Customer data belonging to over 14 million Verizon subscribers was left unprotected due to the oversight of a Nice Systems employee who had incorrectly allowed external access to the AWS storage which held the Verizon customer data. A threat actor could use a customer’s PIN to either hijack the phone account directly or interfere with two-factor authorization methods by changing account settings to redirect information.
UpGuard traced the data back to a Nice Systems engineer based in the company’s Ra’anana, Israel headquarters. UpGuard is the same company that discovered unsecured voter registration data on the servers of an RNC contractor in June. It’s concerning enough that this Verizon customer data was left exposed online, but when you consider how much information could be collected by government agencies, carelessness like this becomes truly scary. Verizon (NYSE:VZ) customers who called its help line over the past half year have unwittingly had their personal account details exposed to potential hackers. The data was downloadable by anyone with the easy-to-guess web address, according to the report.
Verizon’s breach is not a wireless issue, but is related to a residential and small business wireline self-service call center portal, the company said. It remains unclear if Verizon plans to notify those impacted, but the company asserted that it remains “committed to the security and privacy” of its customers. PIN codes are used to confirm the identity of people who call for customer service. He said it contained logs of Verizon customer-service inquiries beginning in January 2017.
According to CNN, NICE Systems did not properly set up an Amazon S3 storage server, which is a very common tool used by companies that deal with cloud storage. From there, the thief can use social engineering to make changes to your account which, for example, means adding more users to the service or making upgrades that you didn’t make.