A small wireless carrier owned by Verizon reported a data breach. Customers say they're livid at how it was handled.
- Wireless carrier Visible confirmed reports of a data breach that gave hackers unauthorized access to customers' accounts.
- Customers reported changes of addresses, emails, and passwords, and iPhone purchases charged to their Visible accounts.
Wireless carrier company Visible confirmed reports of a data breach that gave hackers unauthorized access to customers' accounts and payment information, but some customers say they are still waiting to get fraudulent charges reversed.
Customers first reported the breach over the weekend after noticing emails from Visible saying their emails, passwords and addresses had been changed, but they hadn't initiated the action. Some customers even had unauthorized charges from Visible placed on their PayPal, debit, or credit card accounts for costly purchases like an iPhone 12 or the latest iPhone 13 Pro Max that costs over $1,000.
Several Visible customers told Insider that they were then unable to reset their passwords because Visible's password reset feature appeared to be down and any reset emails were going to the changed emails of the bad actors, not their personal emails.
Visible, owned by Verizon, is an all-digital wireless carrier in the US. Visible is popular amongst its users for its price-- for as low as $25 a month, Visible users get unlimited talk, text, data, and mobile hotspot. Verizon is one of the largest wireless carriers in the US and services over 121.3 million total wireless customers.
Some customers have been upset about the lack of communication from the company, saying they found out about the breach through conversation on the internet. Customers have also complained that the carrier has been slow to act once fraud is detected in their accounts and that they are still unable to access their accounts several days after the initial breach.
"I'm livid-- not about the breach, it's 2021 and we all know that hacking is part of our reality-- but about the way Visible has handled the entire situation," a Visible customer who had been charged $763 for an unauthorized purchase of an iPhone 12 told Insider. "Instead of alerting all customers immediately or acknowledging the larger issue, they kept it under wraps for days and in doing so, probably compromised many of their customer's other accounts."
Since the COVID-19 pandemic began, hacking activity has been on the rise. Last year, the FBI reported a 300% increase in the number of cyber crimes reported, warning people need to be extra cautious, according to The Hill. Wireless carrier T-Mobile was involved in a data breach last month that sold millions of customers' information to threat actors on the dark web. Last week, Syniverse, a major telecommunications company, said hackers had been in its system for years exposing billions of text messages and millions of cell phone users' data, Insider reported.
Visible first released a statement on Twitter on Wednesday stating that the bad actors were able to access customers' usernames and passwords from an "outside source."
"As soon as we were made aware of the issue, we immediately initiated a review and started deploying tools to mitigate the issue and enable additional controls to further protect our customers," a spokesperson from Visible told Insider in a statement. "If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services."
Three customers told Insider they are wary of the company's explanations because they had long and unique passphrases for their Visible accounts that were not used on any other website.
Visible does not offer multi-factor authentication (MFA) for its accounts which, according to cybersecurity experts, is important in preventing data breaches and hacks of this nature.
"Passwords, as a single means to authenticate, continue to be a primary target for attackers," Gary Brickhouse, the chief information security officer of the cybersecurity firm GuidePoint Security, told Insider in an email. "This is caused by the use of simple, easily guessed passwords and other malicious activity such as phishing emails."
80% of breaches like Visible involve brute force or the use of lost or stolen credentials, something that MFA can help prevent.
"Think of 2 factor authentication as the chain lock on your front door, while username and password are your keys to the lock, if that chain is in place, intruders aren't getting in," Adam Kujawa, director of Malwarebytes Labs told Insider.
Visible customers say they are waiting to see what steps the company takes.
"They've been great up to this point and there's nothing that provides the same service for near the same price," Visible customer Hailen Jackson told Insider. "If they don't provide a proper security roadmap/update I will definitely leave."