Verizon Patches Security Flaw That Could Have Affected Millions
The vulnerability reportedly required only a simple browser plug-in and an older version of Firefox to let an attacker hijack a Verizon customer's Internet account.Verizon patched an online security vulnerability that could have allowed attackers to take control of some 9 million customers' home Internet accounts. The flaw was repaired in a few hours, according to Verizon, after the company was advised of the problem by the chief security officer of mobile wallet app vendor, Cinder—who, along with a student at a Maryland college, discovered it, according to a May 13 report by Buzzfeed. The vulnerability could have allowed anyone to view the personal information of Verizon home Internet customers by going to the Website using a spoofed IP address, according to the report. The vulnerability existed because Verizon's customer support Website identifies customers through their computers' IP address, and since that is unique to each home Internet customer, an attacker could have identified an individual customer. Using the IP address, an attacker could then potentially have displayed a user's location, name, phone number and email address, the story said. A Verizon spokesman told MarketWatch on May 14 that the company has "no reason to believe that any customers were impacted by this." If any customers are found to have been attacked through the flaw, the company said it will contact those customers.
In April, Verizon released its annual study of security breach activities in the United States and found that there has been little change in the overall threat landscape since 2014, according to an earlier eWEEK report.