UPDATED 21:49 EDT / OCTOBER 13 2021

SECURITY

Verizon Visible customers targeted in a credential-stuffing attack

Some customers of Visible, the discount pre-paid mobile arm of Verizon Communications Inc., have been hacked in a so-called credential-stuffing attack.

The attack first came to light after customers took to social media to say that hackers had accessed their accounts, changed their information and even ordered phonies using their payment information. Others claimed that unauthorized payments had been deducted by Visible through their PayPal Holdings Inc. and credit card accounts.

Exactly when the attack first took place is unclear, but it may have started over the weekend and then continued into this week.

Visible confirmed the attack today, calling it an issue in which some member accounts were accessed or changed without their authorization. The company said its investigation indicated that threat actors accessed usernames and passwords from outside sources and exploited that information to log into accounts.

The description points to a credential-stuffing attack, which is one in which cybercriminals use stolen usernames and passwords from one organization to access user accounts at another organization. Typically those credentials are obtained through the dark web or hacking forums.

Notable previous credential-stuffing attacks include an attack on State Farm Mutual Automobile Insurance Co. in August 2019 and an attack targeting the Canada Revenue Agency in August 2020.

Along with noting that they have deployed tools to mitigate the issue, Visible told customers that if they use the same username and password across multiple accounts, they should update those details.

“When setting up these types of accounts, first and foremost, look for multi-factor authentication options and enable them,” Bill Lawrence, chief information security officer at risk management firm SecurityGate.io, told SiliconANGLE. “Also, be wary of linking bank accounts directly and if you’re using a card, credit cards have better fraud protection than debit cards.”

Lawrence added that people should never click the box shopping websites have to offer to save credit card information to make the next purchase easier. “That puts your information out there to be lost in each company’s future breach,” he said.

Image: Visible

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.