Verizon-owned wireless carrier Visible confirms account hacks, denies breach
Visible, an all-digital wireless service provider based in the US and owned by Verizon, confirmed today that hackers gained access to customer accounts, but the company denied any breach of its backend infrastructure.
The carrier's confirmation comes after multiple customers complained about losing access to their Visible accounts in posts made on Reddit and Twitter on Tuesday.
Customers said that hackers broke into their Visible accounts, changed login passwords, updated shipping addresses, and then bought and charged new smartphones to the hacked accounts.
On Wednesday, after more than a day of non-stop complaints, the carrier finally confirmed the hacks in a message sent to affected customers.
According to a copy of the message seen by The Record, the company claims that the account intrusions took place after hackers used login details from data breaches at other companies — also known as credential stuffing attacks.
Visible is aware of an issue in which some member accounts were accessed and/or charged without their authorization. As soon as we were made aware of the issue, we immediately initiated a review and started deploying tools to mitigate the issue and enable additional controls to further protect our customers.Visible
Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services.
The carrier is now asking users to change their passwords.
In addition, the company also announced updates to its purchasing process, which will now require specific user interaction.
Moving forward, any purchases will require you to re-validate your payment information as an added security measure. If there is a mistaken charge on your account, you will not be held accountable, and the charges will be reversed.Visible
A Visible spokesperson told The Record that the company plans to notify attorney general offices across the US once it finishes its investigation.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.