8 min read

Ever wonder if someone could secretly peek at your phone records? A bug in Verizon’s Call Filter app made that a real possibility. The glitch let people access incoming call logs for numbers they didn’t own just by tweaking one detail in a request.
The app was supposed to block spam calls, not share your private info. Millions of Verizon users had this app running on their phones. For a while, anyone with basic tech skills and a valid account could see who was calling someone else.

Call Filter comes pre-installed on most Verizon phones, both iPhones and Androids. You might not even realize it’s on your device, running in the background from the day you turn your phone on.
It’s designed to help users block spam and robocalls. But while it silently handled that job, it was also sitting on a major vulnerability. Because it’s free and enabled by default, millions had it active without setting it up themselves.

Evan Connelly, a cybersecurity researcher, uncovered the problem. While testing the iOS version of Verizon’s Call Filter, he found something strange in how the app handled data.
Even though he tested only on Apple devices, the bug was in the server’s backend, not the app, so Android users may have been exposed to it, too. Connelly has a history of finding overlooked security holes. He knew right away this one had the potential to affect millions.

Apps like Call Filter communicate with servers through an API, which acts like a digital messenger. That’s how your phone checks in to grab your latest call info.
The problem? The API wasn’t properly verifying who was asking for the data. It assumed that anyone with a valid token could access any call history. That meant if someone changed the phone number in the request, the system didn’t block it.

Surprisingly, it wasn’t difficult to abuse. All someone needed was a valid account and a bit of curiosity. They could intercept the app’s request to the server, swap out the phone number, and get someone else’s call log.
There was no check in place to stop this kind of tampering. You didn’t need to hack anything or guess passwords; changing the phone number in the request was all it took. It was like changing the delivery address on a package and still getting it sent.

It sounds like a technical bug, but the real-world impact could be big. Consider what a call log reveals: who contacts you, when they reach out, and how often they call.
That kind of data can be used to profile someone. It could expose sources, contacts, or patterns for high-profile people like journalists, politicians, or activists. Even for everyday people, it’s unsettling. Someone could guess when you’re home, asleep, or at work.

On the surface, call logs might not seem like a huge deal. No names, no recordings, just numbers and times, right? But it doesn’t take much to piece together someone’s habits.
A repeated number could be a therapist, a secret contact, or even an unknown relative. Frequent calls at specific times paint a picture of someone’s daily life. Add that up across days or weeks, and you get a full map of someone’s routines.

Not all phone users are equal when it comes to privacy risks. Some people, like reporters, activists, or law enforcement, deal with sensitive situations daily. A leak of their call data could be a serious threat.
An attacker could monitor when a journalist spoke to a whistleblower or trace calls to a government office. Patterns in call times could reveal locations or planned meetings. And if someone was being followed, call logs could help confirm their schedule.

Verizon serves over 140 million wireless subscribers. The Call Filter app is installed by default on many of their phones, and many users never turn it off.
With a subscriber base that large and the app installed by default, many users were potentially exposed to this vulnerability. And since Verizon hasn’t shared how long the vulnerability existed, there’s no clear way to know how many call histories were accessed or could have been.

Verizon fixed the issue in March 2025 after being alerted by the researcher. They coordinated with the app’s developer to push out a patch.
They said there’s no sign anyone exploited the flaw, but they also didn’t explain how long it was active or how they knew it wasn’t used. The fix came fast but quietly. There was no major public warning.

Even though it’s branded as a Verizon app, Call Filter was developed by Cequint, a company specializing in caller ID and spam filtering services. At the time of reporting, Cequint’s website was inaccessible, raising questions about the transparency and security of user data managed by third-party developers.
That raises questions about how secure and transparent the systems handling your phone data are. When big brands rely on smaller partners for tech, oversight becomes even more important.

The app used a common JWT (JSON Web Token) system to confirm user identity. A JWT consists of three parts and is used by many apps to authorize users.
However, in this case, the token wasn’t double-checked against the requested phone number. That means someone could use their login but ask for someone else’s data.
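
The missing check described above, shown as an added example (not code from Verizon, Cequint, or the researcher): a flawed handler that only validates the token beside a fixed one that also ties the requested number to the token. The HS256 signing, the `sub` claim holding the account's number, the function names, and the sample data are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed signing key, for this example only

# Constructed call-log store keyed by phone number (not real data).
CALL_LOGS = {
    "5550100": [{"from": "5550199", "ts": "2025-03-01T09:15:00Z"}],
    "5550101": [{"from": "5550142", "ts": "2025-03-01T22:40:00Z"}],
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(head: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_token(phone: str) -> str:
    """Mint a JWT whose 'sub' claim (assumed here) is the account's own number."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": phone}).encode())
    return f"{head}.{body}.{_b64(_sign(head, body))}"

def verify_token(token: str) -> dict:
    """Check the signature and return the claims, or raise PermissionError.
    Expiry and audience checks are left out to keep the focus on the binding."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(head, body), _unb64(sig)):
            raise ValueError("bad signature")
        return json.loads(_unb64(body))
    except (ValueError, TypeError) as exc:
        raise PermissionError("invalid token") from exc

def get_calls_flawed(token: str, requested_phone: str) -> list:
    """Authentication only: any valid token can read any number's log."""
    verify_token(token)
    return CALL_LOGS.get(requested_phone, [])

def get_calls_fixed(token: str, requested_phone: str) -> list:
    """Authorization too: the requested number must match the token's 'sub'."""
    claims = verify_token(token)
    if claims.get("sub") != requested_phone:
        raise PermissionError("token is not authorized for this number")
    return CALL_LOGS.get(requested_phone, [])
```
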

The researcher found no sign of rate limits in place to prevent abuse. That means someone could send hundreds or thousands of requests to gather call data without being stopped.
Many secure APIs limit how fast or how often users can make requests. That helps catch bots or attackers scraping large amounts of info. But here, it seemed like there was no such protection. That’s a big oversight when you’re dealing with personal call data.
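
A sketch of the kind of per-account limit described above, as an added example that is not taken from the app or the researcher's report. It applies a sliding window to call-history lookups keyed by the authenticated account; the class name, thresholds, and sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class AccountRateLimiter:
    """Sliding-window limit on call-history lookups per authenticated account."""

    def __init__(self, max_requests: int, window_seconds: float):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = defaultdict(deque)  # account -> timestamps of allowed requests

    def allow(self, account: str, now: float) -> bool:
        hits = self._hits[account]
        # Drop timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False  # a server would answer HTTP 429 and log the event
        hits.append(now)
        return True

def replay(requests, max_requests=3, window_seconds=60):
    """Run (timestamp, account) pairs through the limiter.
    Returns {account: number of throttled requests} for review or alerting."""
    limiter = AccountRateLimiter(max_requests, window_seconds)
    throttled = {}
    for ts, account in requests:
        if not limiter.allow(account, ts):
            throttled[account] = throttled.get(account, 0) + 1
    return throttled

# Constructed traffic: acct-A polls at a normal pace, acct-B sends a burst.
SAMPLE = [
    (0, "acct-A"), (1, "acct-B"), (2, "acct-B"), (3, "acct-B"),
    (4, "acct-B"), (5, "acct-B"), (30, "acct-A"), (61, "acct-B"),
    (90, "acct-A"),
]
```

Keying the limit on the authenticated account rather than the source IP means the throttled counts point directly at the account to investigate.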

This kind of flaw isn’t unique to Verizon. If not carefully designed, any app that uses APIs to move personal data could have similar risks.
Many apps skip over thorough security testing, especially when rushed to market. And users often assume that big brands automatically mean safe apps. But even tech giants can miss serious bugs.

This wasn’t just a small mistake; it reflects a larger issue. Verizon trusted another company to handle sensitive call data, and the process lacked a critical security step.
That’s what makes the story so important. It’s not about blaming one engineer or one line of code; it’s about ensuring customer privacy is taken seriously. When companies skip security steps or rely too much on third parties, users pay the price.

Phones are like digital diaries. They hold your messages, your photos, your calls, your life. This bug felt like a breach, even if it wasn’t widely exploited.
It’s a wake-up call for users and companies. People trust their carriers to keep their data safe, not just offer strong signals. And when that trust is shaken, it’s hard to rebuild. So next time an app asks for more permissions or promises to “protect you from spam,” take a closer look.
Dan Mitchell has been in the computer industry for more than 25 years, getting started with computers at age 7 on an Apple II.