Personal data of over six million Verizon customers was allegedly leaked online on July 12. Cybersecurity firm UpGuard in its recent research has found a misconfigured security setting on a cloud server due to some human error. This incorrect setting is said to be the root cause of the leak.

Verizon Communications
Verizon’s 6 million customer data leaks online.Reuters File

It is evident that the leak has compromised personal data of over six million Verizon customers, including their names, PIN codes and phone numbers. However, Verizon has reported to CNN tech that there has been no theft or loss of the customer information which has been made publicly available, following the massive leak.

It is estimated that the actual number of affected user accounts could go up to 14 million due to the misconfigured security setting by NICE systems (Israel-based company) who is working with Verizon to provide customer service call facility.

Chris Vickery, an UpGuard researcher, has alerted Verizon about the leak on July 13 while also pointing out that a compromised security setting on the Amazon S3 storage server was behind the leak. Vickery suggested that the security setting was set to "public" instead of "private" and thus making the data temporarily available for public viewing.

UpGuard has chosen not to reveal how it discovered the leak in the first place. According to UpGuard's Cyber Resilience Analyst Dan O' Sullivan, the leaked PIN codes info could enable hackers to access the victim's phone service if they could fool the customer service agent into believing that they are the original account holders.

"Cyber risk is a fact of life for any digital service. As data becomes more powerful and more accessible, the potential consequences for it to be misused also becomes more dangerous," O'Sullivan explained.

There have been numerous other similar leaks in the recent past, including the infamous Reliance Jio data breach that compromised data of over 120 million Jio users via a website called Magicapk.com. It was reported that the leaked info on the alleged website included mobile number, email ID, SIM activation date and even Aadhaar details.