Verizon’s Internal Data Exposed on Unprotected AWS Server

September 26, 2017

verizon2017 has seen several major data leaks that were directly caused by misconfigured cloud servers. In July it was reported that World Wrestling Entertainment left the information of 3 million fans exposed on an Amazon Web Services (AWS) S3 server—the data was unprotected and stored in plain text. In that same month, as many as 14 million Verizon customers were also exposed as an Israeli-based firm left the data unprotected on an AWS server. And just last week, vehicle recovery company SVR Tracking lost control over the tracking information of over 500,000 vehicles online—Vehicle Identification Numbers (VIN), the location of the tracking device on the vehicles and user credentials were all exposed again on a misconfigured storage server.

On September 22, reports disclosed that Verizon data was once again exposed as 100MB of information from the internal Verizon system called Distributed Visions Services (DVS) was left unprotected on an AWS S3 server. The DVS system was used for retrieving billing information on Verizon Wireless applications. The researchers involved found usernames, passwords, and Outlook messages from internal communications. They also found sensitive communications and proprietary information in the database—information that could be used to gain deeper access into Verizon’s internal network.

Simple internal errors could have caused these repeated leaks. It's possible that mistakes were made when setting up the access controls for the AWS S3 storage server buckets. Administrators often give users wide-ranging permissions and allowing almost anyone with AWS credentials to access their data.

Because of the cloud’s rapid growth, many organizations use the applications without properly securing them. Recent reports say that poor configuration is the chief culprit for lost data on cloud services. And as more and more enterprises are feeling the damaging effects of poor data protection, effective solutions become a necessity.

Organizations that rely on the cloud for a large portion of their databases can look into cloud-centric solutions such as Trend Micro™ Hybrid Cloud Security, which delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical, virtual, and cloud workloads. It also features Trend Micro™ Deep Security™, the market share leader in server security, protecting millions of physical, virtual, and cloud servers around the world.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.