Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack
Verizon’s Visible wireless carrier has confirmed that user accounts were hijacked in a security incident. Users are posting stories of forcibly changed passwords and getting stuck with bills for new iPhones. According to Verizon, users lose control of their accounts on Wednesday, had their passwords and shipping addresses changed, and some were charged for new iPhones they never bought. The carrier denied that the incident was a data breach and rather argued that it was a credential stuffing attack.
Visible Wireless is owned by Verizon and runs on its 4G LTE network. Visible offers cheap data plans and does not have brick-and-mortar stores. Over the past year, the company has gotten increasingly popular. In most of the hacking cases, the email address associated with the account had been reset by an unknown attacker. The attacker then used the accounts’ payment methods to order new phones. One user claimed that the attacker bought an $812 iPhone and still has not regained access to her account.