Security News > 2021 > October > Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack
On Wednesday, Verizon's Visible - an all-digital, uber-cheap wireless carrier - confirmed what customers have been complaining about on Reddit and Twitter all week: They lost control of their accounts; had their passwords and shipping addresses changed; and some got stuck with bills for pricey new iPhones.
Visible is aware of an issue in which some member accounts were accessed and/or charged without their authorization.
Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to log in to Visible accounts.
On Monday, when the complaints first started to flood in, Visible said that only a "small number" of accounts were edited without authorization, and that it was "working hard to take protective steps to secure these accounts."
From Visible's Monday statement on Reddit: "We don't believe that any Visible systems have been breached or compromised, nor that this unauthorized access to your Visible account is ongoing."
Lawrence advised customers to not only look for MFA when choosing a carrier but also to keep the business' hands off of bank-account details: "When setting up these types of accounts, first and foremost, look for multi-factor authentication options and enable them. Also, be wary of linking bank accounts directly, and if you're using a card, credit cards have better fraud protection than debit cards."
News URL
https://threatpost.com/verizon-visible-wireless-credential-stuffing/175483/