Visible Data Breach: Hackers Access User Accounts - Verizon Network

Visible Cellular Accounts Compromised in Security Incident

Visible, the Verizon-owned mobile carrier, has acknowledged a security breach resulting in unauthorized access and fraudulent charges to user accounts.

Initial Reports of Account Hijacking

The incident surfaced earlier this week when numerous Visible customers reported compromised accounts on social media platforms. Many users discovered unauthorized changes to their email addresses and passwords.

Several customers detailed unexpected charges appearing on their Visible accounts. One user on the Visible subreddit reported the fraudulent purchase of an iPhone using their linked PayPal account.

Credential Stuffing Attack Suspected

Visible initially refrained from commenting, but later confirmed via Twitter that “threat actors” gained access by exploiting usernames and passwords obtained from external sources.

This suggests a credential stuffing attack, where stolen login credentials are used to access accounts through automated login attempts. Such attacks typically utilize lists of compromised usernames, email addresses, and associated passwords.

Lack of Two-Factor Authentication Highlighted

While Visible indicates its systems weren't directly breached, the absence of two-factor authentication (2FA) has been widely criticized. 2FA could have potentially prevented these account takeovers.

Requests for comment regarding the implementation of 2FA have been sent to Visible by TechCrunch, but a response is still pending.

The company has not yet disclosed the total number of affected users.

Visible's Response and Mitigation Efforts

In a statement to The Verge, Visible stated they were alerted to unauthorized account access and charges. Immediate action was taken to investigate and deploy tools to mitigate the issue and enhance customer protection.

Protecting customer information is a top priority, according to Visible. They emphasized that they will never request passwords, security questions, or account PINs via phone.

Customers suspecting a compromised account are advised to contact Visible through the chat feature on visible.com.

New Security Measures Implemented

Visible has informed customers that all future purchases will require re-validation of payment information as an additional security layer.

Users are also strongly encouraged to reset their passwords, especially if they reuse the same password across multiple online services.

Here's a summary of recommended actions:

• Reset your Visible password.
• Re-validate your payment information.
• Avoid password reuse across different accounts.