Skip to main content

Security researcher discovers simple way to access Verizon ISP accounts

verizon vulnerability left millions of users at risk
Image used with permission by copyright holder
A new report has been released which claims that armed with nothing more than a spoofed IP address and a phone number, anyone could access private customer information contained within the Verizon database.

The vulnerability was somehow discovered by BuzzFeed, of all places, which worked closely with Verizon to get the gap closed once they had a chance to evaluate the details of the breach.

The site received a tip-off from the CIO of the security firm Cinder, Eric Taylor, who had been testing the technique for a number of weeks before cluing BuzzFeed into the operation. The trick combines a minor amount of technical skill with classic social engineering tactics by spoofing an IP address of a Verizon customer, and then contacting the Verizon help center through the Internet provider’s website.

As long as the hacker has the phone number and address of their intended victim (something that’s easy to glean from emails or social engineering tactics), the Verizon chat center would automatically open the account as long as it detected that the IP address being used to connect matched up.

Verizon says it has a system in place designed to prevent this sort of problem from putting customers at risk, in the form of a PIN code that must be entered whenever a customer support representative is handing over sensitive information. The problem is this lock can be easily subverted as long as the hacker has access to an answer for one of the three security questions that are tied to a particular account.

According to Verizon, the error occurred due to a problem with the code of its website that was implemented on April 22nd, and has since been patched up after the company was contacted both by BuzzFeed and Taylor personally.

Editors' Recommendations

Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
Samsung’s 4K monitor can be used landscape or portrait, and it’s $700 off
A gamer sits in front of the Samsung Odyssey ARK monitor.

If you're looking for one of the most interesting gaming monitor deals we've seen for a while, then you might consider this gargantuan 55-inch Samsung Odyssey Ark. If you aren't familiar with the Odyssey Ark, it's a very unique monitor, even by Samsung's standards, especially since it's been built from the ground up to work perfectly in vertical mode. That doesn't mean you can't use it in horizontal mode; if anything, you get an incredibly tall and wide-screen experience when gaming or watching movies, but you also can set it up vertically so that it's like having three screens on top of each other.

Of course, having the latest and greatest technology comes at a price, especially with something this massive. While it usually goes for $2,700, Samsung is currently discounting it down to $2,000, which means a substantial $500 discount. Even so, the discount price is still a lot of money to ask for, but if you're looking for one of the best screens in the market, then it's hard to beat the Odyssey Ark, and you'll see why we feel that way below.

Read more
Trump’s lawyer brought a gaming laptop to $250M fraud trial
A tweet showing Trump's lawyer with a gaming laptop.

We've seen gaming laptops in classrooms and out in the wild on public transportion, but we've never expected to spot an Asus ROG laptop in a courtroom -- especially in the hands of an attorney representing former President Donald Trump. Still, there it was, with RGB lighting changing colors all throughout the first day of Trump's $250 million fraud trial in New York.

The unidentified laptop in question belongs to Alina Habba, one of Trump's attorneys, and it was first spotted by Ryan Rigney, a marketing director at a game development company called Odyssey Studio. Rigney took to Twitter to share his findings, claiming that we're looking at an Asus laptop with an Nvidia RTX 2070 Ti inside. The RTX 2070 Ti doesn't exist, so Rigney is most likely talking about the RTX 2070 Super.

Read more
Bing Chat just beat a CAPTCHA used to stop hackers and spammers
A depiction of a hacker breaking into a system via the use of code.

Bing Chat is no stranger to controversy -- in fact, sometimes it feels like there’s a never-ending stream of scandals surrounding it and tools like ChatGPT -- and now the artificial intelligence (AI) chatbot has found itself in hot water over its ability to defeat a common cybersecurity measure.

According to Denis Shiryaev, the CEO of AI startup, chatbots like Bing Chat and ChatGPT can potentially be used to bypass a CAPTCHA code if you just ask them the right set of questions. If this turns out to be a widespread issue, it could have worrying implications for everyone’s online security.

Read more