Visible, a Verizon-owned all-digital wireless carrier in the United States, announced that hackers have accessed customer accounts, but denied any intrusion into its back-end infrastructure.
This confirmation comes in response to complaints posted by several customers on Reddit and Twitter that they had lost access to their Visible accounts.
According to the complaints, an attacker logs in to a customer's Visible account, changes the login password, updates the shipping address, and then purchases a new smartphone. Users stated that the hacked accounts had been charged.
After receiving complaints for over a day, the carrier finally admitted to the hack the next day in a message sent to the targeted customers.
According to a copy of the message, the company claims that the account breaches occurred as a result of hackers using login credentials obtained from another company’s data breach, a technique known as a credential stuffing attack.
Visible said it is aware of an issue in which some of its members’ accounts have been illegally accessed and charged. After becoming aware of the issue, the company said, it immediately began investigating and implementing tools to mitigate the problem. The company states that it has enabled additional controls to further protect its customers.
The investigation revealed that the attacker had accessed the username/password from an outside source and exploited the information to log into the Visible account. If you use your Visible username and password for multiple accounts, including banks and other financial institutions, we recommend that you update your username/password for those services.
The carrier is asking users to change their passwords.
The company also announced an update to the purchase process, which will now require user interaction.
From now on, you will need to reconfirm your payment information as a security measure when making a purchase. In the unlikely event that your account has been incorrectly charged, you will not be held responsible and the charge will be reversed.
A Visible spokeswoman said the company plans to notify the U.S. attorney’s office as soon as the investigation is complete.
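The takeover sequence customers described (password change, shipping-address update, then a purchase) can be flagged from account activity before an order ships. The following is an added example, not code from Visible or from the original article; the event names, tuple layout and 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, account, event).
# Event names are hypothetical, not taken from any real carrier's logs.
SAMPLE_EVENTS = [
    ("2000-01-01T09:00:00", "alice", "login_success"),
    ("2000-01-01T09:01:10", "alice", "password_change"),
    ("2000-01-01T09:02:30", "alice", "shipping_address_change"),
    ("2000-01-01T09:05:00", "alice", "purchase"),
    ("2000-01-01T10:00:00", "bob", "login_success"),
    ("2000-01-01T10:03:00", "bob", "purchase"),            # no account changes
    ("2000-01-01T11:00:00", "carol", "password_change"),
    ("2000-01-01T11:02:00", "carol", "shipping_address_change"),
    ("2000-01-01T15:00:00", "carol", "purchase"),          # changes are hours old
]

# Account changes that, together, precede the fraudulent purchase in the reports.
CHAIN = ("password_change", "shipping_address_change")


def flag_takeover_purchases(events, window=timedelta(minutes=30)):
    """Return [(account, purchase_timestamp)] for purchases made within
    `window` of BOTH a password change and a shipping-address change."""
    last_seen = {}  # (account, event) -> datetime of most recent occurrence
    flagged = []
    for ts, account, event in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if event in CHAIN:
            last_seen[(account, event)] = when
        elif event == "purchase":
            recent = [last_seen.get((account, e)) for e in CHAIN]
            if all(t is not None and when - t <= window for t in recent):
                flagged.append((account, ts))
    return flagged


if __name__ == "__main__":
    for account, ts in flag_takeover_purchases(SAMPLE_EVENTS):
        print(f"hold order for review: account={account} purchase_at={ts}")
```

A flagged purchase is a candidate for a hold or a step-up check, such as the payment reconfirmation the carrier says it now requires.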