Data Breach

New Verizon data leak, the second one in a few months

Experts at Kromtech Security Research Center discovered a new Verizon leak exposed confidential and sensitive data on internal systems.

It has happened again, security researchers with Kromtech Security Research Center discovered a new Verizon leak exposed confidential and sensitive data on internal systems.

Leaked data includes server logs and credentials for internal systems, the huge trove of documents was found on an unprotected Amazon S3 bucket.

The archive seems to refer to internal Verizon Wireless systems, known as Distributed Vision Services (DVS), that is a middleware system used by the company to deliver data from the back-end systems to the front-end applications used by employees and staff in stores and at call centers.

“On September 20th, Kromtech Security researchers discovered publicly accessible Amazon AWS S3 bucket containing around 100MB of data attributing to internal Verizon Wireless system called DVS (Distributed Vision Services).” states a blog post published by Kromtech.

“DVS is the middleware and centralized environment for all of Verizon Wireless (the cellular arm of VZ) front-end applications, used to retrieve and update the billing data.”

The Amazon cloud storage contained several files, mostly scripts and server logs that included some login credentials to internal systems, some folders contained internal Verizon confidential documents, another folder contained 129 Outlook messages with internal communications within Verizon Wireless domain.

The repository contained:

  • Admin user info that could potentially allow access to other parts of the network
  • Command notes, logs including
  • B2B payment server names and info
  • Internal PowerPoints showing VZ infrastructure, with server IPs, marked as “Verizon Wireless Confidential and Proprietary information”
  • Global router hosts
  • 129 saved Outlook messages with access info and internal communications

Although no customers data are involved in this data leak, some scripts could be used by an attacker to elevate privileges within the internal systems and access them.

Some documents, marked as “confidential and proprietary materials,” include detailed information on the internal infrastructure, including server IP addresses and global router hosts.

It’s not clear why the confidential documents were exposed on a public server.

According to ZDNet, the unprotected Amazon S3 storage server was controlled by an employee that told ZDNet on the phone Thursday that the files were “not confidential,” he also added that Verizon was fully aware of the server’s existence.

This is the third incident suffered by Verizon in the last two years, in March 2016, hackers reportedly stole the records of 1.5 million customers in July 2017 which were offered for sale in the criminal underground, in July 2017 data belonging to 14 million U.S.-based Verizon customers have been exposed on an unprotected AWS Server by a partner of the telecommunications company.

A Verizon spokesperson confirmed that the company is “aware” of the incident.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Verizon, data leak)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Wikileaks founder Julian Assange is free

WikiLeaks founder Julian Assange has been released in the U.K. and has left the country…

5 hours ago

CISA confirmed that its CSAT environment was breached in January.

CISA warned chemical facilities that its Chemical Security Assessment Tool (CSAT) environment was compromised in…

10 hours ago

Threat actors compromised 1,590 CoinStats crypto wallets

Threat actors breached 1,590 cryptocurrency wallets of the cryptocurrency portfolio management and tracking platform CoinStats.…

23 hours ago

Experts observed approximately 120 malicious campaigns using the Rafel RAT

Multiple threat actors are using an open-source Android remote administration tool called Rafel RAT to target Android…

1 day ago

LockBit claims the hack of the US Federal Reserve

The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated…

1 day ago

Ransomware threat landscape Jan-Apr 2024: insights and challenges

Between Jan and Apr 2024, the global ransomware landscape witnessed significant activity, with 1420 ransomware…

1 day ago

This website uses cookies.