内容摘要：This story was updated at 1:07 p.m. ET.If you're a Verizon customer, you need to change your PIN &md

This story was updated at 1:07 p.m. ET.

If you're a Verizon customer, you need to change your PIN — the personal identification number you use when contacting customer service — right now.

A security firm revealed on Wednesday that information on millions Verizon accounts was exposed on an unsecured server. The information consisted of the subscriber's name, cellphone number, and the account PIN. The last element is obviously the crucial one: With the PIN, an attacker could fool a customer-service representative into giving them access to a subscriber's account.

SEE ALSO:The NotPetya ransomware may not actually be ransomware at all — it could be something worse

With free access to the account, an attacker could make whatever changes to service that they want, theoretically adding lines or specific features. Targeting wireless accounts is also a key way cyber criminals bypass two-factor authentication (2fa) on third-party services, since many users choose to get verification codes via SMS text messages because of their convenience.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

Initial reports of the breach indicated 14 million accounts were exposed, but Verizon later put out a statement that said the number was actually 6 million. The security company, UpGuard, told Verizon about the exposed data on June 13, and Verizon had dealt with the problem by June 22, CNNreported. UpGuard is the same company that discovered unsecured voter registration data on the servers of an RNC contractor in June.

The exposed customer records were from call logs that get created when a Verizon user contacts customer service. The records go back six months, so only customers who called customer service had their account information compromised. Some PIN numbers were hidden but others were exposed. Verizon says the exposed data was for a "wireline portal," meaning the accounts were for residential and business wireline services (such as FiOS) and not Verizon Wireless. The cellphone numbers were part of the data for contact purposes.

So far Verizon has not provided a way for customers to check whether or not their data was exposed, so the safest thing to do right now is to change your PIN.

An Israeli company, Nice Systems, mistakenly designated the data, which was stored on an Amazon S3 server, as "public," ZDNetreported when it broke the story. Wireless carriers like Verizon often contract other companies to manage their customer service calls and the data they generate.

Correction:This piece was updated to reflect the information in Verizon's public statement on the breach, including the number of accounts (6 million), the nature of the accounts exposed, and the level of access a PIN grants.

---

Featured Video For You

---

This prosthetic is an extra thumb you never knew you needed

---