Security News > 2021 > October > Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack
On Wednesday, Verizon's Visible - an all-digital, uber-cheap wireless carrier - confirmed what customers have been complaining about on Reddit and Twitter all week: They lost control of their accounts; had their passwords and shipping addresses changed; and some got stuck with bills for pricey new iPhones.
Visible is aware of an issue in which some member accounts were accessed and/or charged without their authorization.
Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts.
On Monday, when the complaints first started to flood in, Visible said that only a "Small number" of accounts were edited without authorization, and that it was "Working hard to take protective steps to secure these accounts."
From Visible's Monday statement on Reddit: "We don't believe that any Visible systems have been breached or compromised, nor that this unauthorized access to your Visible account is ongoing."
Lawrence advised customers to not only look for MFA when choosing a carrier but also to keep the business' hands off of bank-account details: "When setting up these types of accounts, first and foremost, look for multi-factor authentication options and enable them. Also, be wary of linking bank accounts directly, and if you're using a card, credit cards have better fraud protection than debit cards."
News URL
https://threatpost.com/verizon-visible-wireless-credential-stuffing/175483/
Related news
- Retail chain Hot Topic hit by new credential stuffing attacks (source)
- Roku warns 576,000 accounts hacked in new credential stuffing attacks (source)
- Okta warns of "unprecedented" credential stuffing attacks on customers (source)
- Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks (source)
- Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks (source)