Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones

from the whoops-a-daisy dept

Wireless subscribers of Verizon's Visible prepaid service received a rude awakening after hackers compromised their account, then ordered expensive new iPhones on their dime. Last week a company statement indicated that "threat actors were able to access username/passwords from outside sources," then utilize that access to login to Visible customer accounts. Hacked users say the attackers then utilized that access to order expensive kit, and, initially, getting Visible to do anything about it was a challenge:

The company seemed to initially claim this was an instance of "credential stuffing," or hackers obtaining login information obtained from other hacks or breaches of other services, then testing those logins in as many services as they can find. But experts doubted that claim, noting that the company had been complaining about issues with its chat services before acknowledging the hack. More specifically, Visible support reps were telling users that ambiguous "technical issues" had left it incapable of making any changes to customer accounts.

There are also questions about when the company knew about the hacks, with it initially trying to claim last week that the hack and subsequent iPhone orders were an ordinary system error:

Although Visible made a public statement yesterday, the company first acknowledged the issue on Twitter on October 8. At the time, Visible provided a vague reason: order confirmation emails erroneously sent out by the company.

"We're sorry for any confusion this may have caused! There was an error where this email was sent to members, please disregard it," the company told a customer.

Again, this is where just a basic, internet-era privacy law requiring greater transparency (and perhaps a little more accountability for industries and executives that not only keep failing to secure user data, but clearly aren't great about being honest with their users) would come in kind of handy. Instead we keep just looking at the problem and shrugging because purportedly drafting competent privacy laws with any competency is deemed impossible, letting the repercussions pile up.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: breach, data breach, hack, prepaid service, visible
Companies: verizon


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Mononymous Tim (profile), 21 Oct 2021 @ 11:49am

    "Visible", as in your usernames and passwords are visible to everyone.

    reply to this | link to this | view in chronology ]

  • icon
    K`Tetch (profile), 21 Oct 2021 @ 12:29pm

    not surprised

    I tried signing to visible twice over the summer.
    The first time, they took so long to process, that my previous service had expired, and so they couldn't do the port any more. And the reason it took so long to process is that the field for the password to do the port, only takes a-z 0-9. no symbols. So anyone that routinely makes more secure passwords, it'll fail and you have to wait an hour to deal with their (outsourced) reps.

    Their solution? I pay for another month on my existing carrier, and then immediately port over to them. I said no.

    2 months later, we tried porting my son's phone over. They sent him the wrong sim card, sending him one for an S6 and not a note10. Again, their only real solution was to cancel the account and start again.

    And why is it so bad? Well, I've heard rumor's that its because the people on Visible's chat, are those that don't make their stats as a Verizon Tech-Coach (and at Asureon, the ONLY stat that matters for Verizon Tech Coach tech support staff is sales of the Asureon protection plan. Solving things, customer ratings, etc. Irrelevant. And Visible doesn't have that, so the only way to get sales figures to move back up to 'the good account', would be to sell phones.

    Gee I wonder why it's so easy to charge phones to accounts on a service that ONLY handles you through a crappy webchat, or through social media DMs

    reply to this | link to this | view in chronology ]

  • icon
    united9198 (profile), 21 Oct 2021 @ 12:46pm

    What has happened

    What has happened to Verizon? Their customer service has gone south and it seems they are either oblivious to it or okay with it....neither of which is acceptable to customers. I am astonished to see what has happened.

    reply to this | link to this | view in chronology ]

    • icon
      K`Tetch (profile), 21 Oct 2021 @ 1:34pm

      Re: What has happened

      My other half worked for them for a while.

      most of it is outsourced, to Asureon (who until recently, also handled pretty much ALL cell phone insurance in the US). Over the last 3-4 years, as they've lost contracts (like DirecTV going to overseas after the AT+T merger), home depot and walmart warranty contracts being cancelled, etc. they've had to focus more on selling than anything else.
      So their cellphone support (Verizon, sprint, and I think they just lost T-mobile) now have their metrics not based on actual support stats, or even average call time, or anything else. Instead the SOLE metric that matters is selling protection plans for home electronics and other add-ons.

      And by that I mean that Tech support people are now expected to get at least one sale per day. Coaching isn't about better dealing with tech problems, or defusing angry customers, it's now almost entirely about 'rebuttals', and 'sales openings'. And if you don't sell at least 3/week, you're put on a warning plan, and if you don't increase sales still at that point, then you're fired.

      Now if you try to lead an ambiguous statement that you could interpret as the customer expressing mild interest, and add it despite them not actually agreeing to it, that's not a problem. If you accidentally click 'add' when you didn't mean to and they didn't want it though, then you get in trouble - not for adding it, but for drawing the customers attention to the whole idea of 'cancelling it', and not 'well go ahead and try it and if you don't like it cancel at the end of the month', hoping they'll forget scam.

      That's why it's gone downhill.

      reply to this | link to this | view in chronology ]

    • icon
      sumgai (profile), 21 Oct 2021 @ 5:28pm

      Re: What has happened

      Their customer service has gone south ...

      Your statement assumes that Verizon customer service was ever "North" in the first place. Pretty sure you won't find very many people agreeing with you on that one.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Oct 2021 @ 4:57am

      Re: What has happened

      I mean, this is the same company that couldn't do basic math 10+ years ago...

      https://consumerist.com/2010/02/23/verizon-didnt-know-difference-between-difference-between-0 02-and-00002/

      reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 22 Oct 2021 @ 12:24am

    Why is it I see this...

    "threat actors were able to access username/passwords from outside sources,"

    And in my head know the outside source was a hacking forum where someone has persistent access to Verizon has been selling account details for years.

    Its just so clean to claim it was outside sources, when you were the only possible source of the data in the first place.

    reply to this | link to this | view in chronology ]

  • icon
    Jeffrey Nonken (profile), 22 Oct 2021 @ 9:54am

    The best time to eat crow is when it is young and tender.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Advertisment

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.