Verizon-owned carrier claims username and password leaks were to blame
Cell service provider Visible has confirmed customer reports of attackers accessing and changing user accounts, and it has said the breaches were made using usernames and passwords from “external sources.” in a statement to ledge (Which you can read in full below), the Verizon-owned carrier said it is working to “mitigate the problem” as it becomes aware of it, though it doesn’t mention it at all. What measures have been taken to protect the customers.
Earlier this week, customers of Verizon’s low-cost service were reporting unauthorized charges from Visible on their PayPal or credit card statements, as well as emails telling them passwords or addresses on their accounts had been changed. Some customers have been disappointed by the lack of response from the company, as it has not sent emails or texts about the situation and was largely silent on social media until Wednesday. posted a twitter thread.
If you use your visible username and password across multiple accounts, including your bank/financial accounts, we recommend that you update your username/password with those services. Reminder: Visible will never call and ask for your password, secret question or account PIN.
– visible (@visible) 13 October 2021
In both its statement and Twitter, the company recommends resetting your password if it is a password you have used for other services. That’s good advice, but the company has turned off its password reset system – it wasn’t available yesterday, and as of Wednesday morning you’ll get an error if you try to change your password.
It is very common for hackers to get into accounts using passwords found elsewhere, so everyone (including Visible) is asked to use unique passwords for each service and to change their passwords in case of breach. Security experts also recommend using two-factor authentication, which can help protect you even if your password fails (like in a situation where you’re not able to change it). Visible, however, does not support two-factor authentication, which means its clients are still potentially open to these types of attacks.
Watch Visible’s full statement here.
Visible is aware of an issue in which some member accounts were accessed and/or charged without their authorization. As soon as we were made aware of the issue, we immediately launched a review and began deploying tools to mitigate the problem and enable additional controls to protect our customers.
Our investigation indicated that the threat actors were able to access usernames/passwords from external sources, and exploit that information to log into visible accounts. If you use your visible username and password across multiple accounts, including your bank or other financial accounts, we recommend that you update your username/password with those services.
Protecting customer information – including securing customer accounts – is critically important to our company and our customers. As a reminder, our company will never call and ask for your password, secret question or account PIN. If you believe your account has been tampered with, please contact us via chat at Visible.com.