Thanks to a URL mistake, texting data for Verizon customers could have been viewed by anyone.
Nothing is completely private anymore, but when we use a service or device that has pervaded our daily lives, we expect there will be certain safeguards to keep our information from getting out. A URL exploit may have exposed texting data for Verizon customers, security researcher Prvsec reported. Prvsec reported the problem to Verizon, who fixed the problem in over a month and did not disclose the the issue for another month.
When downloading a file of the time, date, and recipient of texts on Verizon’s “download to spreadsheet” function, a person could easily find data on others by simply changing the phone number in the URL. The spreadsheet would contain the numbers of people the user had texted, potentially exposing the phone numbers of many other people.
A Verizon representative said the company “takes customer privacy seriously” and “no customer information was impacted.”
The Prvsec researcher reports having a difficult time even contacting Verizon to inform the security team of the glitch. A lengthy process stood in the way of contact, and Verizon did not update the status of the bug for months. “They need to make it easier to reach out,” Prvsec said. Prvsec was only able to get Verizon’s attention through LinkedIn. Verizon now has an email contact for security issues.
