Hundreds of thousands of cell phone bills and other documents belonging to AT&T, Verizon and T-Mobile customers were reportedly exposed after a Sprint contractor left them sitting on an open public server.
The documents had been collected and stored in the first place as part a marketing effort to persuade subscribers of rival carrier services to switch to Sprint, TechCrunch reported yesterday, identifying the contractor as marketing agency Deardorff Communications.
Discovered by the U.K.-based penetration testing company Fidus Information Security, the data set included 261,300 total documents, the majority of which were bills that contained customers’ names, addresses, phone numbers and, in many cases, call histories. Other docs that TechCrunch observed included a bank statement, and a screenshot of a web page displaying subscribers’ usernames, passwords and account PINs.
Fidus reported the data leak to Amazon, which in turn informed Deardorff. Jeff Deardorff, president of Deardorff Communications, told TechCrunch that the storage bucket was secured as of Wednesday, and that his company is investigating the incident as well as reviewing its policies and procedures. Sprint spokesperson Lisa Belot, meanwhile, told TechCrunch that it was “assured that the error has been corrected.”