Customer addresses, phone numbers, account numbers, and other personal information have been leaked using a chat system that allows potential Fios subscribers find out if Fios services are available in their area.
They display when consumers click a link to talk with a Verizon employee. On-screen transcripts of previous talks with other customers, existing or future, are displayed. The transcripts include full names, addresses, phone numbers, account numbers (if any) and other information. Ars has seen some transcripts from June. A second Window listed customers’ addresses, but it wasn’t evident who owned them.
A teacher discount for Fios was requested on November 29. Here are some censored screenshots of what was accessible.
Ars learned of the breach Monday afternoon and contacted Verizon. The goal was to patch the leak and then disclose it. The breach was still going on, however the amount of revealed chats had decreased. Ars chose to disclose the breach to warn potential users of the service. When did Verizon start releasing data? Some of the exchanges date back to June, meaning the breach may have been ongoing for months.
“We’re looking into an issue involving our online chat system that assists individuals who are checking on the availability of Fios services. We believe a small number of users may have seen a name, phone number, and/or a home or building address from an unrelated individual who had previously used this chat system to enter that information. Since the issue was brought to our attention, we’ve identified and isolated the problem and are working to have it resolved as quickly as possible.”
Verizon has a history of leaking consumer data. In 2016, an online criminal forum sold a database of over 1.5 million Verizon Enterprise Solutions customers. According to KrebsOnSecurity, a “security weakness on its site allowed hackers to grab user contact information” from Verizon.
Four US mobile companies were found selling consumers’ real-time whereabouts to police officials. One service made subscriber whereabouts freely accessible via a free trial bug.
For now, avoid utilising Verizon’s Fios availability chat tool. This page will be updated when Verizon claims the bug is fixed.