Verizon snafu left its 9 million internet users easy targets for hackers

Verizon hack

After Verizon purchased AOL on Tuesday, May 13 for $4.4 billion, the network may already have gotten off to a rough start in the public eye.

BuzzFeed reported a vulnerability in Verizon's website that has existed on the site for weeks, which could have put 9 million of its existing internet users at risk of theft.

Thanks to a tip, BuzzFeed discovered that an error in the telecom's site, which provides services such as email to subscribers, allowed for easy access into any Verizon internet user's personal info.

Verizon has since remedied the issue, explaining it was a coding error that caused the soft spot. Regardless of the damage done, the potential for hacking millions of users' accounts raises a lot of red flags for the company and its customers. And, to make matters worse, exploiting this bug was exceptionally easy – that is, before it was squashed.

The hack

BuzzFeed's Joseph Bernstein detailed how he was able to obtain multiple Verizon accounts (with permissions of course) using a frighteningly simple formula.

By simply finding a user's IP address, which can be seen in the email header sent by a Verizon internet customer, Bernstein was able to simply "spoof" the IP address with a Firefox extension called, "X-Forwarded-For Header", and camouflage his own address with the stolen one. Upon this simple duping of the system, Verizon showcases the unlucky victim's name, email address, location, and phone number, with no more confirmation than the right IP address.

Bernstein then was able to hop on the phone and schmooze with Verizon's customer support to convince them to reset his password, which he describes as "surprisingly easily done." This is because customer support recognizes its customers by their IP address.

Just like that, he was able to get into an account he had no attachments to; free to roam, steal and change whatever he wished.

Of course, BuzzFeed was interested in the safety of others, not their personal information. Regardless, the lapse in security raises some serious questions about the mega network. Had a malicious hacker discovered this, it would have been as simple as following a recipe to sift through a Verizon customers email for bank statements, social security and more.

Admittedly, this all would be less worrisome if it had been a Jesse James-style heist that left the system vulnerable. But it's the simplicity of the exploit that is a stark reminder of the precarious nature of web security.

The company told BuzzFeed in a statement that it has "no reason to believe that any customers were impacted by this," while the bug existed. Unfortunately for Verizon's 9 million home internet customers, they'll have to take their word on it.

Latest in Cyber Crime
A person scanning a QR code on a smartphone
Quishing is the new QR code scam you need to watch out for – here's how to stay safe
Ransomware on the rise: how small and medium-sized businesses can achieve cyber resilience during turbulent times
Ransomware on the rise: how small and medium-sized businesses can achieve cyber resilience during turbulent times
Text Phishing Scams
Do not fall for this dangerous Amazon shopping scam
Cyber-security
Safeguarding against next-gen cyber risks
The North Face jacket
Thousands of North Face customers accounts hacked, personal data stolen
Smartphone hacked with data flow in the background
9 signs your phone has been hacked
Latest in News
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Ray-Ban smart glasses with the Cpperni logo, an LED array, and a MacBook Air with M4 next to ecah other.
ICYMI: the week's 7 biggest tech stories from Twitter's massive outage to iRobot's impressive new Roombas
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight