Multiple reports of an apparent Verizon Visible hack, with attackers changing shipping addresses, then ordering phones that are charged to payment details held for customers. Visible is a Verizon sub-brand that operates entirely online, meaning that customers cannot seek assistance in-store.
“My account got hacked and they shipped out an iPhone 13 worth $1k that was taken from my PayPal,” wrote one customer …
XDA Developers spotted the reports on Reddit and Twitter.
Visible is a “digital” carrier owned by Verizon, with a greater emphasis on fair pricing and shared plans. The company has gained popularity for its relatively low pricing for unlimited data plans, and earlier this year, Visible introduced 5G service and eSIM support. However, Visible subscribers are now experiencing something a lot less fun than saving money — many accounts are being hijacked, often to purchase phones for whoever obtained access.
Social media sites, especially the Visible subreddit, are currently flooded with reports of Visible accounts being hijacked. In most cases, the email address associated with the account is reset by an unknown attacker, then the payment method on the account is used to order a phone […]
[One said] “I literally signed up for Visible yesterday, and bought an $812 iPhone through their website. I woke up to an email this morning telling me that the email address associated with my account has been changed. […] 7 hours later I got an email saying the shipping address on my account has been changed, and no, I still wasn’t able to log in.”
Visible had not acknowledged the issue at the time of writing, but some users report that both password and account detail changes are now being blocked, which suggests that the carrier is aware of the attack. However, the problem with this is that those whose accounts have already been compromised cannot change their passwords.
In response to one customer calling out the company on Twitter, the Visible support account responded in what might be politely referred to as an informal fashion.
Hi there, friend! Thank you for reaching out to us! We are really sorry for all inconveniences created, we will do our best to give you all the information necessary and to make sure that your account is safe! Please DM us, and we will be more than happy to respond to it! *DB
It should be noted that sometimes what appears to be a data breach at a particular company can in fact be credentials obtained elsewhere, with attackers then trying the same logins on other services. However, multiple Visible customers whose accounts have been compromised state that their passwords are unique to the carrier.
It follows a recent hack of Twitch.tv. You can find advice on cybersecurity in a recent post.
Photo: John Galt
Author: Ben Lovejoy
Source: 9TO5Google
