Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones

from the whoops-a-daisy dept

Wireless subscribers of Verizon’s Visible prepaid service received a rude awakening after hackers compromised their accounts, then ordered expensive new iPhones on their dime. Last week a company statement indicated that “threat actors were able to access username/passwords from outside sources,” then used that access to log in to Visible customer accounts. Hacked users say the attackers then used that access to order expensive kit, and, initially, getting Visible to do anything about it was a challenge:

The company seemed to initially claim this was an instance of “credential stuffing,” in which hackers take login information obtained from hacks or breaches of other services, then test those logins on as many services as they can find. But experts doubted that claim, noting that the company had been complaining about issues with its chat services before acknowledging the hack. More specifically, Visible support reps were telling users that ambiguous “technical issues” had left it incapable of making any changes to customer accounts.

There are also questions about when the company knew about the hacks, given that it initially tried to claim last week that the hack and subsequent iPhone orders were an ordinary system error:

Although Visible made a public statement yesterday, the company first acknowledged the issue on Twitter on October 8. At the time, Visible provided a vague reason: order confirmation emails erroneously sent out by the company.

“We’re sorry for any confusion this may have caused! There was an error where this email was sent to members, please disregard it,” the company told a customer.

Again, this is where just a basic, internet-era privacy law requiring greater transparency (and perhaps a little more accountability for industries and executives that not only keep failing to secure user data, but clearly aren’t great about being honest with their users) would come in kind of handy. Instead we keep just looking at the problem and shrugging because drafting privacy laws with any competency is purportedly deemed impossible, letting the repercussions pile up.

Companies: verizon


Comments on “Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones”

K`Tetch (profile) says:

not surprised

I tried signing up to Visible twice over the summer.
The first time, they took so long to process, that my previous service had expired, and so they couldn’t do the port any more. And the reason it took so long to process is that the field for the password to do the port, only takes a-z 0-9. no symbols. So anyone that routinely makes more secure passwords, it’ll fail and you have to wait an hour to deal with their (outsourced) reps.

Their solution? I pay for another month on my existing carrier, and then immediately port over to them. I said no.

2 months later, we tried porting my son’s phone over. They sent him the wrong sim card, sending him one for an S6 and not a note10. Again, their only real solution was to cancel the account and start again.

And why is it so bad? Well, I’ve heard rumors that it’s because the people on Visible’s chat are those that don’t make their stats as a Verizon Tech-Coach (and at Asurion, the ONLY stat that matters for Verizon Tech Coach tech support staff is sales of the Asurion protection plan. Solving things, customer ratings, etc. Irrelevant.) And Visible doesn’t have that, so the only way to get sales figures to move back up to ‘the good account’, would be to sell phones.

Gee I wonder why it’s so easy to charge phones to accounts on a service that ONLY handles you through a crappy webchat, or through social media DMs

K`Tetch (profile) says:

Re: What has happened

My other half worked for them for a while.

Most of it is outsourced, to Asurion (who until recently, also handled pretty much ALL cell phone insurance in the US). Over the last 3-4 years, as they’ve lost contracts (like DirecTV going to overseas after the AT+T merger), Home Depot and Walmart warranty contracts being cancelled, etc. they’ve had to focus more on selling than anything else.
So their cellphone support (Verizon, Sprint, and I think they just lost T-Mobile) now have their metrics not based on actual support stats, or even average call time, or anything else. Instead the SOLE metric that matters is selling protection plans for home electronics and other add-ons.

And by that I mean that Tech support people are now expected to get at least one sale per day. Coaching isn’t about better dealing with tech problems, or defusing angry customers, it’s now almost entirely about ‘rebuttals’, and ‘sales openings’. And if you don’t sell at least 3/week, you’re put on a warning plan, and if you don’t increase sales still at that point, then you’re fired.

Now if you try to lead an ambiguous statement that you could interpret as the customer expressing mild interest, and add it despite them not actually agreeing to it, that’s not a problem. If you accidentally click ‘add’ when you didn’t mean to and they didn’t want it though, then you get in trouble – not for adding it, but for drawing the customer’s attention to the whole idea of ‘cancelling it’, and not ‘well go ahead and try it and if you don’t like it cancel at the end of the month’, hoping they’ll forget scam.

That’s why it’s gone downhill.

That Anonymous Coward (profile) says:

Why is it I see this…

"threat actors were able to access username/passwords from outside sources,"

And in my head know the outside source was a hacking forum where someone who has persistent access to Verizon has been selling account details for years.

It’s just so clean to claim it was outside sources, when you were the only possible source of the data in the first place.
