Visible, a US all-digital wireless carrier owned by Verizon, has confirmed that some customer accounts were breached after threat actors obtained password and login information fr om “outside sources.”
The confirmation comes after some customers complained on social media earlier in the week that their Visible accounts were hijacked. According to users, hackers reset the email address associated with the account to lock them out, and, in some cases, even ordered phones using their payment information.
“My account got hacked and they shipped out a [sic] iPhone 13 worth 1k that was taken from my PayPal,” one Reddit user wrote.
“I literally signed up for Visible yesterday, and bought a [sic] $812 iPhone through their website. I woke up to an email this morning telling me that the email address associated with my account has been changed. […] 7 hours later I got an email saying the shipping address on my account has been changed, and no, I still wasn’t able to log in,” according to another user.
Starting on Monday, multiple customers on both Twitter and Reddit reported that they’d been getting emails from Visible about changed passwords and addresses.
On October 13, the company issued a statement on Twitter, wh ere it said that:
“We're aware of an issue in which some member accounts were accessed and/or charged without their authorization. As soon as we were made aware of the issue, we initiated a review & deployed tools to mitigate the issue, enabling additional controls to further protect our members.”
The company went on to say that the investigation showed that the attackers obtained login info from “outside sources” and used it to login to Visible accounts.
“We don't believe that any Visible systems have been breached or compromised, nor that this unauthorized access to your Visible account is ongoing. However, for your protection, we recommend you review your account contact information and change your password and security questions to your Visible account. We also recommend that you review any other accounts that share the same email, login, or password, and make any changes you determine necessary to secure those accounts,” wrote a Visible employee on Reddit.
Visible is now asking customers to change their passwords. On the downside, it should be noted that the company does not implement two-factor authentication (2FA).
“If you use your Visible username & password across multiple accounts, including your bank/financial accounts, we recommend updating your username/password with those services. Reminder: Visible will never call & ask for your password, secret questions or account PINs.”