Wireless carrier Visible denies data breach as account takeovers persist
Wireless carrier Visible denies data breach as account takeovers persist
Some customers of the Verizon-endemic Visible wireless service are getting a hard lesson well-nigh re-used passwords and how they can lead to compromised accounts. Meanwhile, the carrier itself seems like information technology's existence taught a lesson near better communication with its customers.
The problem surfaced earlier this week, when some Visible customers posted reports on Reddit that someone had accessed their user accounts with the wireless service and changed their login information.
- Best unlimited data plans — where Visible's plan ranks
- The all-time cheap prison cell phone plans
- Plus: Android phones rail you even when you opt out, new research reveals
Many of the same customers likewise said that unwanted charges had been made through their Visible accounts, usually in the form of the person seizing control of the account helping themselves to a new iPhone in the Visible online store. Others said they'd not been able to get much — or any — aid from Visible, which has no customer-back up telephone service.
"Dude my business relationship got hacked and they shipped out a iPhone thirteen worth 1k that was taken from my PayPal," wrote one user on Reddit. "I am fuming!"
Visible is a low-toll cellular carrier, owned by Verizon, that offers cheap unlimited-data plans and also sells phones and wearables. All customer sales and services are washed through the Visible website.
"A small number of member accounts was changed without their authorization," Visible posted on Reddit in response to the complaints. "We don't believe that whatever Visible systems have been breached or compromised. ... We recommend you review your account contact information and modify your password and security questions to your Visible account."
Visible told Tom's Guide that the incidents weren't the results of a data breach in which hackers obtained login information from Visible.
"Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts," a company spokesperson told us through a argument.
Tom'southward Guide besides asked Visible for comment on the customer complaints virtually responsiveness, but we accept yet to receive an answer.
Possible credential stuffing
At least some of the afflicted Visible users may exist victims of "credential stuffing." That'southward when a crook takes some of the billions of credential sets (username and password combinations) floating around the internet equally the result of years of data breaches and phishing attacks, then shoots those credential sets rapid-fire at specific websites.
A few of those login attempts will work because practically everyone reuses at least some passwords. Even if the success rate is just a couple of percentage points, the crook volition be able to have over a lot of accounts if they're starting with millions of stolen credentials.
Some Visible users on Reddit and Twitter did say they had unique passwords, but Visible's own tweets suggest that credential stuffing exactly what the company thinks is going on.
"If you apply your Visible username & password beyond multiple accounts, including your bank/fiscal accounts, we recommend updating your username/password with those services," the visitor said Midweek (October. 13).
🚨If yous use your Visible username & countersign across multiple accounts, including your depository financial institution/financial accounts, we recommend updating your username/countersign with those services. Reminder: Visible volition never call & ask for your password, secret questions or account PINs.🚨October 13, 2021
Too late to change your Visible password?
However, many Visible users said they weren't able to modify their own account passwords on the company website — a step that Visible may accept taken to stop more account takeovers.
"Because Visible disabled the reset your countersign feature (why??? I have no idea) the new countersign reset link is at present going to go to the first electronic mail accost the hacker changed information technology to," said one Reddit user. "This is such a sh*t bear witness and I run into no manner Visible can survive this."
"As soon every bit we were fabricated enlightened of the event, we immediately initiated a review and started deploying tools to mitigate the outcome and enable boosted controls to further protect our customers," Visible said as part of its statement.
Many online services offer ii-cistron authentication (2FA) to business relationship holders, an optional feature that makes it much more difficult for attackers to break into accounts even if they know the username and countersign. Visible does not appear to have this option.
If you have a Visible account, and you recollect you may have reused your Visible username and password on other websites, then start by changing your password on each of those other sites — and make each new password strong and unique.
To avoid beingness overwhelmed by lots of complicated passwords, apply one of the best password managers — some of which are gratuitous.
Source: https://www.tomsguide.com/news/visible-account-takeovers
Posted by: joneslossion.blogspot.com
0 Response to "Wireless carrier Visible denies data breach as account takeovers persist"
Post a Comment