Researcher: Verizon Security Glitch Left Customer Information Vulnerable
Verizon Communications (NYSE:VZ) has finally fessed up to and fixed a security glitch found by a researcher at Prvsec that allowed anyone with a Verizon username and password easy access to the texting information of all other Verizon customers, The Verge reports.
The glitch involved the Verizon website’s “download to spreadsheet” function, which allows Verizon customers to log in and download a file of the date, time, and recipient of their most recent text messages. Before the glitch was fixed, a Verizon customer could type in the phone number of any other Verizon customer to see the same information about the texts sent from that person’s phone. Engadget pointed out that the actual content of the messages could not be accessed, but being able to access when and to whom text messages were sent is a serious privacy failing in and of itself.
The Prvsec researcher discovered the flaw in August, and up until it was fixed in September, the texting information of tens of millions of Verizon customers was vulnerable. It was then another month before Verizon made the issue public, on Monday. “I’m a Verizon customer myself,” the unnamed researcher told The Verge after explaining that he contacted Verizon as soon as he discovered the flaw and made sure it wasn’t made public before it was fixed, “so I wouldn’t want my own data exposed this way.”