Numerous Visible Wireless subscribers report that their accounts have been “hacked” this week. Visible works on Verizon’s 5G and 4G LTE networks. Rather than being a Mobile Virtual Network Operator (MVNO), Visible is actually owned by Verizon.
Suspicions of a data breach at Visible began on Monday when some customers saw random unauthorized purchases on their Visible accounts:
@Visible I just got hacked! They sent a phone number and changed my address! Urgent! How do I stop this !!!! HURRY!!
– Kelley (@ksmrz77) October 12, 2021
On the Visible subreddit, users reported seeing unauthorized orders placed from their accounts, with a different shipping address than their own:
Great, someone hacked my @visible account, I bought the iPhone using my PayPal and changed the password. @visiblecare is not responding. The scammer also misled me with spam emails in an effort to make me miss any email notifications from Visible.
– Kristian Kim (@kristiankim) October 13, 2021
Credential stuffing is probably the cause of hacked accounts
In an email sent to customers and a public announcement posted yesterday, Visible shared what could be the cause of these attacks:
“We learned of an incident where the information on some member accounts was changed without their authorization. We are taking protective measures to protect all affected accounts and prevent any other unauthorized access,” Visible said in the announcement. “Our investigation indicates that threat actors were able to access username / passwords from external sources and exploit that information to log into Visible accounts. If you use your Visible username and password on multiple accounts, including your bank or other accounts we recommend updating your username / password with those services.”
Rather than pointing to a data breach at Visible, the company's wording suggests that customers' credentials were obtained from a third-party leak or a breached database and then used to log in to customer accounts, a practice known as credential stuffing. The company advises customers to reset passwords and security information, and it will ask users to revalidate payment information before further purchases can be made.
But experts have cast doubt on the theory that this incident was due to credential stuffing, considering that Visible also admitted “technical issues” on its chat platform, with the company briefly unable to make changes to customer accounts this week. The company removed the tweet that mentioned this information.
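An added example (not from Visible or the original article) of how a defender could look for the pattern the statement describes in authentication logs: one source trying many accounts and mostly failing, then changing the address or ordering on an account it got into. The log format, IP addresses, account names and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real Visible logs): time, source IP, account, action, result
SAMPLE_LOG = """\
2021-10-12T09:00:01 203.0.113.7 alice login fail
2021-10-12T09:00:02 203.0.113.7 bob login fail
2021-10-12T09:00:03 203.0.113.7 carol login ok
2021-10-12T09:00:04 203.0.113.7 dave login fail
2021-10-12T09:00:05 203.0.113.7 erin login fail
2021-10-12T09:01:10 203.0.113.7 carol address_change ok
2021-10-12T09:02:30 203.0.113.7 carol order ok
2021-10-12T09:05:00 198.51.100.20 frank login fail
2021-10-12T09:05:20 198.51.100.20 frank login ok
2021-10-12T09:30:00 198.51.100.20 frank order ok
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, action, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, action, result == "ok"

def stuffing_sources(events, min_users=5, max_success_ratio=0.3):
    """IPs that try many distinct accounts and mostly fail (events = one short window)."""
    tries = defaultdict(list)
    for _, ip, user, action, ok in events:
        if action == "login":
            tries[ip].append((user, ok))
    return {ip for ip, t in tries.items()
            if len({u for u, _ in t}) >= min_users
            and sum(ok for _, ok in t) / len(t) <= max_success_ratio}

def likely_takeovers(events, flagged, follow_up=timedelta(minutes=30)):
    """Accounts where a flagged IP logged in, then changed the address or ordered."""
    logins, hits = {}, set()
    for ts, ip, user, action, ok in sorted(events):
        if ip not in flagged or not ok:
            continue
        if action == "login":
            logins[user] = ts
        elif action in ("address_change", "order") and user in logins and ts - logins[user] <= follow_up:
            hits.add(user)
    return hits

EVENTS = list(parse(SAMPLE_LOG))
FLAGGED = stuffing_sources(EVENTS)           # assumed thresholds; tune to real traffic
TAKEOVERS = likely_takeovers(EVENTS, FLAGGED)
```

A single user who mistypes a password once (the second IP in the sample) is not flagged, because the signal is the spread across many accounts rather than the failure itself.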
Has Visible known about the incident since last week?
Although Visible's public statement arrived yesterday, the company had acknowledged the issue on Twitter on October 8, if not sooner. Interestingly, only a vague explanation was given at the time: that the order confirmation emails had been sent by Visible by mistake. “We are sorry for the confusion this may have caused! There was an error sending this email to members, please ignore it.”
A Visible customer reacted angrily to the delay: “This response is completely irresponsible, given that it is currently under attack and is aware of MANY users who have had their accounts compromised.”
Despite the panic among customers whose accounts were hacked, they can at least take relief in the fact that they will not be liable for any unauthorized charges. “If there is an erroneous charge on your account, you will not be held responsible and the charges will be reversed,” the company states as the investigation continues.
In addition to monitoring for suspicious transactions, Visible customers affected by the incident must change their credentials, both on Visible and on any other website where they have used the same credentials.