Verizon Data exposed on AWS Servers
American Telecommunicatons giant Verizon Wireless has been claimed to have left about 100MB of data that was allegedly operated by a Verizon employee in the Amazon S3 server.
The server in which the data was found was an open one and was not owned by Verizon, and according to the Kromtech Security researchers, the data in it contained Verizon corporate information connected to an internal system called Distributed Vision Services (DVS), but no customer data was involved.
Kromtech described DVS as “ the middleware and centralized environment for all of Verizon Wireless (the cellular arm of VZ) front-end applications, used to retrieve and update the billing data.”
“ Upon analyzing the content of the repository, we identified the alleged owner of the bucket and sent responsible notification email on September 21st. Shortly after that, online archive has been took down and it has been later confirmed that the bucket was self-owned by Verizon Wireless engineer and it did not belong or managed by Verizon,” wrote Bob Diachenko, Kromtech' s chief security communications officer.
It is believed that some of the content which was found in the server was labeled “ VZ Confidential” and some others were labeled “ Verizon Confidential,” in which, some information on internal communications, usernames and passwords that could be used to access other parts of Verizon' s network were present.
This is not the first time that Verizon has faced a vulnarable situation this year. Earlier this year, a similar situation made the telecommunications giant unprotected on the Amazon server in which 14 million Verizon customer records were exposed on a mis-configured server being operated by a third-party vendor.
Amazon Web Services (AWS) is a secure cloud services platform, offering computing power, database storage, content delivery, and other functionality to help businesses scale and grow.