Tech News Hero

A Sprint contractor left thousands of US cell phone bills on the internet by mistake – TechNewHero

by technewshero
December 4, 2019

A contractor working for cell giant Sprint stored on an unprotected cloud server hundreds of thousands of cell phone bills of AT&T, Verizon and T-Mobile subscribers.

The storage bucket had more than 261,300 documents, the vast majority of which were phone bills belonging to cell subscribers dating as far back as 2015. But the bucket, hosted on Amazon Web Services (AWS), was not protected with a password, allowing anyone to access the data inside.

It’s not known how long the bucket was exposed.

The bills — which contained names, addresses and phone numbers, and many included call histories — were collected as part of an offer to allow cell subscribers to switch to Sprint, according to Sprint-branded documents found on the server. The documents explained how the cell giant would pay for the subscriber’s early termination fee to break their current cell service contract, a common sales tactic used by cell providers.

In some cases we found other sensitive documents, such as a bank statement, and a screenshot of a web page that had subscribers’ online usernames, passwords and account PINs — which in combination could allow access to a customer’s account.

U.K.-based penetration testing company Fidus Information Security found the exposed data, but it wasn’t immediately clear who owned the bucket. Fidus disclosed the security lapse to Amazon, which informed the customer of the exposure — without naming them. The bucket was subsequently shut down.

A Verizon and AT&T phone bill from two customers. (Image: supplied)

A T-Mobile bill found on the exposed servers. A handful of Sprint bills were also found. (Image: supplied)

After a brief review of the cache, we found one document that said, simply, “TEST.” When we ran the file through a metadata checker, it revealed the name of the person who created the document — an account executive at Deardorff Communications, the marketing agency tasked with the Sprint promotion.

When reached, Jeff Deardorff, president of Deardorff Communications, confirmed his company owned the bucket and that access was restricted earlier on Wednesday.

“I have launched an internal investigation to determine the root cause of this issue, and we are also reviewing our policies and procedures to make sure something like this doesn’t happen again,” he told TechNewHero in an email.

Given the exposed information involved customers of the big four cell giants, we contacted each company. AT&T did not comment, and T-Mobile did not respond to a request for comment. Verizon spokesperson Richard Young said the company was “currently reviewing” the matter and would have details “as soon as it’s available.” (TechNewHero is owned by Verizon.)

When reached, a spokesperson for Sprint would not disclose the nature of its relationship with Deardorff nor would they comment on the record at the time of writing.

It’s not known why the data was exposed in the first place. It’s not uncommon for AWS storage buckets to be misconfigured by being set to “public” and not “private.”

“The uptrend we’re seeing in sensitive data being publicly accessible is concerning, despite Amazon releasing tools to help combat this,” said Harriet Lester, director of research and development at Fidus. “This scenario was slightly different to usual as it was tricky to identify the owner of the bucket, but thankfully the security team at AWS were able to pass the report on to the owner within hours and public access was shut down soon after.”

We asked Deardorff if his company plans to inform those whose information was exposed by the security lapse. We did not immediately receive a response.

© 2020 Tech News Hero.
