Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

[Updated] Verizon Users: Change Your PIN Immediately

In the latest piece of high-profile security news, PINs associated with 6 million Verizon accounts were exposed on an unsecured server, along with subscriber names. The information came from call logs from landline customers who had contacted Verizon customer service in the last 6 months. Verizon asks for a PIN when you call in to make account changes, so an attacker with that information could not only make unwanted changes to your account, but also hijack your account in such a way as to intercept text messages used for two-factor authentication. (Better 2FA options include a system like Apple’s, which relies on an Apple-managed communications channel to devices you own, or an authenticator app like Google Authenticator, Authy, or 1Password.) If you use Verizon and particularly if you know you have contacted the company recently, log in to your Verizon account or call Verizon to change your PIN as soon as possible.

[Update: Verizon has now issued a statement clarifying that the information was exposed, but not accessed by anyone other than the security researcher who reported the problem. Verizon took pains to note that the data was unrelated to Verizon Wireless, and that the information came from landline customers, contained only a limited number of cell phone numbers for contact purposes, and could not be used on its on to make account changes, rendering the two-factor authentication worry moot.]favicon follow link

 

Comments about [Updated] Verizon Users: Change Your PIN Immediately

To leave a comment, click Add a Comment and then enter the text, your name, and your email address (which won't be displayed). Your comment will appear after you follow a link in the one-time confirmation message we send to verify that you're a real person.
Receive comments via RSS
Jeff Hecht  2017-07-13 17:33
Verizon claims at http://www.verizon.com/about/news/verizon-responds-report-confirms-no-loss-or-theft-customer-information that the data came from its business and wireline services, not its WIRELESS services, so subscribers who only have Verizon cell service are not affected.
Reply
Adam Engst  An apple icon for a TidBITS Staffer 2017-07-17 16:09
Thanks. It seems that the entire situation was overblown by Mashable, so we've clarified above.
Reply