Let's say you're a malcontent looking to screw with a particular Verizon customer. Your first step would've been to obtain that person's IP address. That's simple enough: As BuzzFeed points out, a quick peek at the headers of an email sent from a Verizon account would reveal its originating IP address. From there, a browser extension could be used to "spoof" that address when visiting Verizon's customer service website, masking your own IP address with the one you sniffed out from that email. Thing is, that Verizon site was built to recognize when someone with a Verizon IP address swings by, and erroneously displayed "things like your location, your name, your phone number, and your email address" without any additional prompting. Once those pieces were obtained, it would've been trivial for anyone to do a little social engineering, just as BuzzFeed's Joseph Bernstein did. After a call to Verizon's customer service line, he was able to talk a representative into resetting the password associated with a volunteer's Verizon account. Voilà: Almost completely painless access to someone else's service and billing information.
Fixed or not, the sheer simplicity of intrusion thanks to a botched software update is more than a little scary -- it's not uncommon for attackers to use breached accounts as a starting point from which they go after others. We're sure Verizon will quietly look into things and see if any innocent customers caught flak thanks to this multi-week oversight, but hey, you could always tell us about it first.