Verizon left security researcher hanging while reported URL hack revealed subscribers' texting history (updated)
By Joseph Volpe posted Oct 21st, 2013
Long wait times and a complete lack of transparency -- no, this isn't a story about a typical call to Verizon customer support. It's what happened when a security researcher discovered a critical privacy vulnerability on Verizon's consumer site and tried, nearly in vain, to get it patched. Back in August, researcher PRVSEC found that a simple URL exploit could allow any subscriber using the site's 'Download to SpreadSheet' function to access any other user's texting history. The hack required nothing more than swapping a subscriber's cell number into the code to view information like date, time, sendee and message status -- actual contents of the SMS or MMS sent could not be accessed.