Verizon site flaw allowed access to records - 08/15/05 06:42 PM
NEW YORK (AP) -- Verizon Wireless customers who signed up for online billing services were able to peek at some details of others' accounts due to a Web site programming error that was caught by a customer and fixed this week, a company spokesman said Thursday.
The flaw allowed customers who punched in another user's phone number to see how many airtime minutes that person had used, as well as the number of free minutes they had remaining for the month, spokesman Tom Pica said. Snoopers could also learn what cell phone model a customer used.
All users who registered to use the "My Account" system were affected by the glitch, which could have been in place for as long as five years, Pica told The Associated Press. It did not appear that anyone had taken advantage of the error to pry into individual accounts, he said.
Pica said there was no indication that "sensitive customer information" such as financial information, call records and addresses, had been at risk.
But Jonathan Zdziarski, the software developer who notified the phone company of the problem, said that the programming flaw exposed account balances and the date of the most recent payment, the Washington Post reported in Friday's editions. The company would not confirm the claim.
The Georgia-based developer discovered the problem while writing a computer program that would automatically access his online account and report the number of cell phone minutes he had used, the Post said.
Source
The flaw allowed customers who punched in another user's phone number to see how many airtime minutes that person had used, as well as the number of free minutes they had remaining for the month, spokesman Tom Pica said. Snoopers could also learn what cell phone model a customer used.
All users who registered to use the "My Account" system were affected by the glitch, which could have been in place for as long as five years, Pica told The Associated Press. It did not appear that anyone had taken advantage of the error to pry into individual accounts, he said.
Pica said there was no indication that "sensitive customer information" such as financial information, call records and addresses, had been at risk.
But Jonathan Zdziarski, the software developer who notified the phone company of the problem, said that the programming flaw exposed account balances and the date of the most recent payment, the Washington Post reported in Friday's editions. The company would not confirm the claim.
The Georgia-based developer discovered the problem while writing a computer program that would automatically access his online account and report the number of cell phone minutes he had used, the Post said.
Source