Technology

Verizon’s Seen Cell clients have been hacked leading to unauthorized purchases

verizons-seen-cell-clients-have-been-hacked-leading-to-unauthorized-purchases

Numerous Visible Wireless subscribers report that their accounts have been hacked this week. Visible runs on Verizon’s 5G and 4G LTE networks and is owned by Verizon.

Suspicion of a data breach at Visible began on Monday when some customers saw unauthorized purchases on their accounts:

@Visible i just got hacked! You sent yourself a phone and changed my address! Urgently!’ How can I stop this !!!! HURRY!!

– Kelley (@ ksmrz77) October 12, 2021

On the Visible subreddit, users reported that unauthorized orders were placed from their accounts:

Visible customer: Enlarge / Visible customer: “Hacked yesterday, order still shipped !!!”

Social media was also full of reports from customers who didn’t get a response from Visible for days:

Great, someone hacked my @visible account, bought an iPhone through my PayPal, and changed the password. @visiblecare not responding. Scammers have also tricked me with email spam to trick me into missing out on Visible email notifications.

– Kristian Kim (@kristiankim) October 13, 2021

Credential stuffing likely, the company says

In an email sent to customers yesterday and posted publicly, Visible shared what it believes caused the hacks.

“We learned of an incident in which information on some member accounts was changed without their approval. We are taking protective measures to protect all affected accounts and prevent any further unauthorized access,” Visible said in the announcement. “Our research found that threat actors could access usernames / passwords from external sources and use that information to log into Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend using these services to update your username / password. “

advertising

The company’s wording suggests that customer credentials were obtained from a third-party leak or breached database and then used to access customer accounts, a practice known as credential stuffing. The company advises customers to reset passwords and security information, and asks users to re-validate payment information before making any further purchases.

However, one expert has expressed doubts about the credential stuffing theory, pointing out that Visible admitted in a tweet this week about “technical problems” with its chat platform, with the company temporarily unable to make changes to customer accounts. Visible has since deleted his tweet.

Did Visible know since last week?

Despite making a public statement yesterday, Visible first confirmed the problem on Twitter on October 8th. At the time, Visible gave a vague reason: order confirmation emails were incorrectly sent by the company.

“We’re sorry this caused confusion! There was an error sending this email to members. Please ignore it, ”the company told a customer.

Visible initially responded to concerns on October 8th.Enlarge / Visible initially responded to concerns on October 8th.

One Visible customer reacted angrily at the delay, saying, “This response is completely irresponsible as you are currently under attack and MANY are aware of users whose accounts have been compromised.”

Visible says customers will not be held responsible for unauthorized charges. “If your account is mistakenly charged, you will not be held accountable and the charges will be reversed,” the company said.

Visible customers affected by the incident should watch out for suspicious transactions and change their passwords, both in their Visible account and on any other website where they have used the same credentials.

0 Comments