On the list...
They're on my list of companies I'm very glad I've never done business with. Not that they weren't already there or anything.
Another day, another leaky Amazon S3 bucket. This time, one that exposed account records for roughly 14 million Verizon customers to anyone online curious enough to find it. The cloud-hosted repository, ironically owned by Israeli-based software security vendor NICE, contained terabytes of Verizon customer names, addresses, …
“to authenticate a customer calling our wireline call center, but do not provide online access to customer accounts.”
Wasn't there just a story about a TelCo allowing someone even without the proper passcode to request a service change to another persons account, effectively re-directing calls and SMS to the imposter's own phone, bypassing weak SMS authentication?
So if someone had my phone number, name, and PIN, they could do dangerous things to the account, correct, perhaps even force a reset of my online password?
Written by a wanker who has self-entitlement issues regarding people's data, but who also shirks any responsibility. So what was this outfit doing with this data? Feeding it into some election deepmind to manipulate the population once again, but then leaving the data fully exposed later anyway?
Biting the hand that feeds IT © 1998–2019