Verizon website glitch potentially exposed texting data of any phone number

Shawn Knight

TechSpot Staff
Staff member
A recent report from security researcher Prvsec suggests a simple URL hack may have exposed the texting data of tens of millions of Verizon customers. The vulnerability was fixed last month after the security researcher privately disclosed it to the...

[newwindow="https://www.techspot.com/news/54406-verizon-website-glitch-potentially-exposed-texting-data-of-any-phone-number.html"]Read more[/newwindow]
 

insect

TS Evangelist
As such, no customer information was impacted.
... To their knowledge. I suspect anyone to that point could have downloaded the data without Verizon's knowledge. A bot run on the site could have downloaded everyone's info in a matter of days (or less) just by running from 000-000-0000 through 999-999-9999.

From there, it's just a matter of parsing the CSV data (which wouldn't be too difficult given the standard template Verizon uses for everyone), data-basing it, and searching it.
 

captaincranky

TechSpot Addict
I don't believe it's as simple as "000-000-0000". All Verizon's billing info contains 2 additional sets of numbers, adding "-000-00X" as a suffix.

Although who knows if the 2 data streams require all characters. The billing stream does, I simply don't know about the mobile.