In the latest piece of high-profile security news, PINs associated with 6 million Verizon accounts were exposed on an unsecured server, along with subscriber names. The information came from call logs from landline customers who had contacted Verizon customer service in the last 6 months. Verizon asks for a PIN when you call in to make account changes, so an attacker with that information could not only make unwanted changes to your account, but also hijack your account in such a way as to intercept text messages used for two-factor authentication. (Better 2FA options include a system like Apple’s, which relies on an Apple-managed communications channel to devices you own, or an authenticator app like Google Authenticator, Authy, or 1Password.) If you use Verizon and particularly if you know you have contacted the company recently, log in to your Verizon account or call Verizon to change your PIN as soon as possible.
[Update: Verizon has now issued a statement clarifying that the information was exposed, but not accessed by anyone other than the security researcher who reported the problem. Verizon took pains to note that the data was unrelated to Verizon Wireless, and that the information came from landline customers, contained only a limited number of cell phone numbers for contact purposes, and could not be used on its own to make account changes, rendering the two-factor authentication worry moot.]