Verizon’s Visible Cell Customers Hacked, Leading to Unauthorized Purchases | GeekComparison

Verizon's Visible Cell Customers Hacked, Leading to Unauthorized Purchases

Numerous Visible Wireless subscribers are reporting that their accounts have been hacked this week. Visible runs on Verizon’s 5G and 4G LTE networks and is owned by Verizon.

Suspicions of a data breach at Visible started Monday when some customers saw unauthorized purchases on their accounts:

On the Visible subreddit, users reported seeing unauthorized orders from their accounts:

Visible customer:
enlarge Visible customer: “Hacked yesterday, order still shipped!!!”

Social media was also full of reports from customers who received no response from Visible for days

Credential stuffing likely, company says

In an email sent to customers yesterday and made public, Visible shared what it believes was causing the hacks.

“We learned of an incident where information about some member accounts was changed without their consent. We are taking protective measures to secure all affected accounts and prevent further unauthorized access,” Visible said in the announcement. “Our investigation indicates that threat actors accessed username/passwords from outside sources and misused that information to log into Visible accounts. If you use your Visible username and password for multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services.”

The company’s wording suggests that customer data was obtained from a leaked or compromised third-party database and then used to access customer accounts, a practice known as credential stuffing. The company advises customers to reset passwords and security information and will ask users to re-validate payment information before making further purchases.

But an expert has sow doubts on the credential-stuffing theory, noting that Visible admitted in a tweet this week that it had “technical issues” with its chat platform, with the company being temporarily unable to make changes to customer accounts. Visible has since deleted his tweet.

Did Visible know since last week?

Although Visible made a public statement yesterday, the company first acknowledged the issue on Twitter on October 8. At the time, Visible gave a vague reason: order confirmation emails incorrectly sent by the company.

“We’re sorry for the confusion this may have caused! There was an error sending this email to members, please ignore it,” the company told a customer.

Visible initially responded to the concerns on October 8.
enlarge Visible initially responded to the concerns on October 8.

A Visible customer reacted angrily to the delay, saying, “This response is completely irresponsible given that you are currently under attack and you know that MANY users have had their accounts hacked.”

Visible says customers cannot be held liable for unauthorized charges. “If there is an incorrect charge on your account, you will not be held responsible and the charges will be reversed,” the company said.

Visible customers affected by the incident should check for suspicious transactions and change their passwords both on their Visible account and on other websites where they have used the same credentials.

Leave a Comment