Search This Blog

Powered by Blogger.

Blog Archive

Labels

Verizon’s Visible Network Acknowledges Credential Stuffing Attack

Verizon confirmed the attack after multiple users voiced their complaints on Reddit and other social media sites.

 

Visible, an all-digital wireless carrier has finally acknowledged that attackers secured access to customer accounts last week. However, the firm denied the rumors of any intrusion on its backend infrastructure.

US-based firm, which is owned by Verizon, acknowledged the attack after multiple users voiced their complaints on Reddit and other social media sites, saying that attackers hacked their Visible accounts, changed login passwords, updated shipping addresses, and then bought and charged new smartphones to the compromised accounts. 

After facing severe criticism, a Visible spokesperson came forward and confirmed the attack in a Twitter thread, writing that the company was "aware of an issue in which some member accounts were accessed and/or charged without their authorization."

"As soon as we were made aware of the issue, we initiated a review and deployed tools to mitigate the issue, enabling additional controls to further protect our members. Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts," the company claimed. 

The carrier is now urging affected customers to contact them and change the account password immediately. 

"I spotted a $1,175.85 charge to my account coming from Visible. Upon examining further, I discovered a 128GB iPhone 13 Pro Max that had been purchased and sent to an address in New York City, far away from my home in the DC/Virginia area," the company’s user wrote on Reddit account.

"Visible basically offered nothing. I asked them what the hell is this, and they asked me if I had the order number. I said no, since my entire account was hijacked and the emails don't come to me. I asked if I can be given access to my account again, and they said 'We're not sure.' I should be hearing back within 24-48 hours," the user wrote.

In a later message on Reddit, the company denied the allegations of any breach or exploit, claiming that only "a small number of member accounts was changed without their authorization. We don't believe that any Visible systems have been breached or compromised, nor that this unauthorized access to your Visible account is ongoing," the company stated.

"However, for your protection, we recommend you review your account contact information and change your password and security questions to your Visible account. We also recommend that you review any other accounts that share the same email, login, or password, and make any changes you determine necessary to secure those accounts," the firm advised. 

Earlier this year in August, cybercriminals targeted T-Mobile's systems, exposing the sensitive information of more than 50 million current, former, and prospective customers. This indicates that cybercriminals are oozing with confidence and are not hesitating in taking down the big firms.
Share it:

Credential Stuffing

Cyber Attacks

User Privacy

User Security