• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Verizon Pin Leak – Daily Security Byte

July 14, 2017 By Corey Nachreiner

Another company has leaked millions of customer records. This time, however, hackers weren’t to blame. Rather, a company partnering with Verizon placed these records in a publicly available Amazon AWS S3 bucket, where anyone with the right URL could access them. Sometimes, simply misconfigurations create huge security problems. Watch the video below for a few more details about this incident (as well as a special message).

Episode Runtime: 2:35

Direct YouTube Link: https://www.youtube.com/watch?v=juZ-CJg2F-g

EPISODE REFERENCES:

  • Parnter exposes millions of Verizon accounts –  Upguard
  • Exposed Verizon data may help in other hacks –  Help Net Security
  • Verizon leak exposes 14 million records – Geekwire

Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Featured, Security Bytes Tagged With: breaches

Comments

  1. Greg says

    July 14, 2017 at 3:02 pm

    What is CrimsonThorn?

    Reply
    • Corey Nachreiner says

      July 14, 2017 at 4:05 pm

      You can see a blurb on our main company page (https://www.watchguard.com/) for a bit more, but in short, it is the entry point for a puzzle challenge/contest we are doing at Blackhat Las Vegas this year. I will post a video with more detail on it next week. If you are coming to Blackhat, starting the puzzle with give you a head start to winning the contest. If you aren’t, it’s still a fun challenge, and something we will likely expand on for non-Blackhat attendees in the future.

      Reply
      • Greg says

        July 14, 2017 at 5:22 pm

        Funny, it got me all suspicious and I wouldn’t even go to the link until I could fire up my VM and do it in there after I took a snapshot.

        Reply
        • Corey Nachreiner says

          July 14, 2017 at 5:38 pm

          That is probably a good instinct to have… In general, you never know how ppl will phish. Plus, the page requires javascript (in order for our terminal emulator to work), which could also make you suspicious. So always good to have some suspicion. That said, don’t worry. It is a legit page made by my team for this puzzle contest / alternate reality game. ^_^

          Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • USA’s Answer to GDPR
  • Rolling PWN
  • Hacker Summer Camp 2022

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Hacker Summer Camp 2022
  • Private Sector Offensive Actors
  • USA’s Answer to GDPR
  • Rolling PWN
  • Over a Billion Records Leaked in Shanghai National Police Database Hack
View All

Search

Archives

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use