UPDATED 21:49 EST / OCTOBER 13 2021

SECURITY

Verizon Visible customers targeted in a credential-stuffing attack

Some customers of Visible, the discount pre-paid mobile arm of Verizon Communications Inc., have been hacked in a so-called credential-stuffing attack.

The attack first came to light after customers took to social media to say that hackers had accessed their accounts, changed their information and even ordered phonies using their payment information. Others claimed that unauthorized payments had been deducted by Visible through their PayPal Holdings Inc. and credit card accounts.

Exactly when the attack first took place is unclear, but it may have started over the weekend and then continued into this week.

Visible confirmed the attack today, calling it an issue in which some member accounts were accessed or changed without their authorization. The company said its investigation indicated that threat actors accessed usernames and passwords from outside sources and exploited that information to log into accounts.

The description points to a credential-stuffing attack, which is one in which cybercriminals use stolen usernames and passwords from one organization to access user accounts at another organization. Typically those credentials are obtained through the dark web or hacking forums.

Notable previous credential-stuffing attacks include an attack on State Farm Mutual Automobile Insurance Co. in August 2019 and an attack targeting the Canada Revenue Agency in August 2020.

Along with noting that they have deployed tools to mitigate the issue, Visible told customers that if they use the same username and password across multiple accounts, they should update those details.

“When setting up these types of accounts, first and foremost, look for multi-factor authentication options and enable them,” Bill Lawrence, chief information security officer at risk management firm SecurityGate.io, told SiliconANGLE. “Also, be wary of linking bank accounts directly and if you’re using a card, credit cards have better fraud protection than debit cards.”

Lawrence added that people should never click the box shopping websites have to offer to save credit card information to make the next purchase easier. “That puts your information out there to be lost in each company’s future breach,” he said.

Image: Visible

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU