Visible, a Verizon-owned MVNO (mobile virtual network operator), may have been hacked. Over the last few days, some users have reported illegal access to their Visible accounts.
The hackers updated their account information and, in some cases, purchased new phones using their payment information, according to XDA, which has gathered user complaints on Twitter and Reddit. Visible, for the uninitiated, is a low-cost cell service that runs on Verizon’s network. It’s a “all-digital” service, which means it has no physical location.
On Monday, news of the alleged data breach began to circulate. Customers who have been affected by Visible say they have gotten emails informing them of password and address changes. Hackers have allegedly modified the email address connected with some users’ accounts, according to several users.
Worse, several of them claim that the hackers utilized the payment method maintained in their accounts to order new phones valued over $1,000.
@Visible I was just hacked! They sent themselves a phone and changed my address! Urgent!’ How do i@stop this!!!! HURRY!!
— Kelley (@ksmrz77) October 12, 2021
The data leak has yet to be formally acknowledged by Visible. However, a Visible employee on Reddit claimed that the hack only affected a “small number” of users and that the company’s systems had not been infiltrated or compromised.
This shows that the attackers are gaining access to the accounts using credentials stolen in earlier data breaches. It’s a practice known as credential stuffing, according to XDA.
Some impacted users, on the other hand, claim to have utilized password management programs to generate random passwords for their Visible accounts. They’d never saved or used those passwords before. These allegations hint to a possible security breach on the company’s part once more. However, we’ll have to wait for an official announcement to know for sure.
Visible doesn’t acknowledge but is aware of this data breach
This unlawful access to user accounts is no longer ongoing, according to the aforementioned Visible employee. Users should replace or reset their passwords, according to the company.
However, the corporation appears to have disabled the password reset system as well as changes to payment information. This indicates that the MVNO is aware of the compromise, even if it hasn’t made it public yet.
Meanwhile, Visible claims that their customer care platform is having technical difficulties. The company is unable to make any adjustments to the accounts that are currently affected. Affected users are being directed to send a DM by the official customer service team.
However, this appears to be ineffective, leaving people concerned. It is undeniably taking far too long to handle the problem. Any formal message from the corporation regarding this occurrence will be monitored.
The damage may have been minimized only if Visible had implemented 2FA (two-factor authentication). Hopefully, the corporation will take user security more seriously as a result of this occurrence.