Verizon-owned MVNO (mobile virtual network operator) Visible may have suffered a data breach. Several customers have reported unauthorized access to their Visible account over the past few days. The hackers have changed their account details, and in some cases, purchased new phones using their payment info, XDA reports accumulating user complaints across various online platforms such as Twitter and Reddit. For the uninitiated, Visible is a cost-effective cell service that operates on Verizon’s network. It’s an “all-digital” service, meaning it doesn’t have any physical presence.
Reports about this suspected data breach started pouring in this Monday. Affected Visible customers say they have received emails about password and address changes. Some users have also reported that the hackers have changed the email address associated with their accounts. Worse yet, a few of them report that the hackers have used the payment method saved in their accounts to order new phones worth more than $1,000.
— Kelley (@ksmrz77) October 12, 2021
Visible has yet to officially acknowledge that there has been a data breach. But a Reddit user marked as a Visible employee suggested that the hack only affected a “small number” of accounts and that the company doesn’t believe its systems have been breached or compromised. This suggests that the attackers are using credentials compromised during some other data breaches to access the accounts. As XDA notes, it’s a tactic known as credential stuffing.
However, some affected users say they used password manager apps to randomly generate passwords for their Visible accounts. They hadn’t stored or used those passwords anywhere else. These claims once again point toward a possible breach on the company’s side. We will have to wait for an official announcement before we can say for sure though.
Visible doesn’t acknowledge but is aware of this data breach
The aforementioned Visible employee has assured that this unauthorized access to user accounts is no longer ongoing. They are urging users to change or reset their passwords. But the company seems to have blocked the password reset system, and changes to payment info as well. This suggests that the MVNO is aware of the breach though it hasn’t publicly announced it yet.
Meanwhile, Visible says it is experiencing technical issues with its customer service platform. The company is currently unable to make any changes to the affected accounts. The official customer service team is merely directing affected users to send in a DM. But that seemingly isn’t helping, leaving users worried. Sure enough, it is taking way too long to address the issue. We will be keeping an eye on any official communication from the company regarding this incident.
Only if Visible used 2FA (two-factor authentication), the damage could have been minimized. Hopefully, this incident will make the company take user security more seriously.