Visible Digital Carrier Breached, Hackers Reportedly Buying Phones
- By Dawna M. Roberts
- Published: Oct 27, 2021
- Last Updated: Mar 18, 2022
On Monday, October 11, unknown persons carried out multiple unauthorized actions on user accounts on Visible. This made many people believe that the Verizon-owned digital carrier might have experienced a data breach.
What Happened With Visible?
Multiple Visible users complained on social media platforms that someone had hijacked their accounts. In most cases, the email address connected to their Visible account was changed. After this, unauthorized charges from Visible were placed on their PayPal, credit, or debit accounts for expensive purchases. Among the items purchased were iPhones that the hackers shipped to unknown addresses.
Due to how widespread the problem was and the fact that some subscribers claimed they used randomly generated passwords that they had not used on any other site, most users believed the issue was from Visible and not their accounts. Since Visible does not offer users the extra security of multi-factor authentication, a randomized password is the most users can do to secure their accounts.
How Did The Company Handle the Breach?
Customers were upset at the way Visible seemed to be slow to respond to the situation. Despite the commotion on most social media platforms, especially Reddit, it took the company days to make an official statement, although it was evident that they knew about the problem shortly after the initial uproar last Monday, when the password reset feature was locked. That lockout made little difference, however, as the platform would still have sent any reset requests to the hackers' changed email addresses, not to the original account holders.
Visible eventually released a Twitter statement on Wednesday in which they clearly stated that the problem was not from their end. The statement read:
“...threat actors were able to access username/passwords from outside sources and exploit that information to log in to Visible accounts.”
Visible advised users to use different email addresses and passwords for their various online accounts for their safety. This is because hackers can easily use the usernames and passwords from a different breach to log into their Visible account. This type of cyberattack is known as credential stuffing.
The company assured their subscribers that they took action as soon as they became aware of the issue and they made sure to deploy tools to mitigate it. They asked affected customers to reach out to them via chat as Visible is an entirely digital company with no physical outlets. Unfortunately, until Thursday last week, some customers had still been unable to reach customer care.
Most customers are still waiting to see the actions Visible will take to solve the issue and compensate their users.
What is Credential Stuffing?
Credential stuffing is a type of cyberattack where a user’s credentials stolen in a data breach are used to access that user’s account at another organization. These attacks are prevalent because about 65% of internet users reuse the same usernames and passwords on multiple, unrelated accounts.
Credential stuffing is rampant because massive lists of stolen credentials are available for sale on the dark web. The development of sophisticated bots that can attempt multiple logins simultaneously has also helped to spread this type of attack.
This type of breach is preventable with the proper security measures. On the user’s part, the best option is to always use unique passwords for different sites. You could use a password generator to create random passwords. Adding an extra layer of security like enabling multi-factor authentication would also help.
Companies can protect users from credential stuffing by adopting measures such as:
- CAPTCHA.
- Multi-factor authentication.
- IP blacklisting.
- Using bot management services.
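The sketch below is an added illustration, not code from the article or from Visible. It shows the server-side signal that IP blacklisting and bot management rely on: one source trying many different usernames in a short window with few successes. It also lists the accounts that source did get into, since those need a forced reset. The thresholds, event layout and sample events are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, login succeeded)
SAMPLE_EVENTS = (
    # One source cycling through six different accounts in six seconds; the last pair works.
    [(f"2024-01-01T09:00:0{i}", "203.0.113.7", f"user{i}@example.com", i == 5)
     for i in range(6)]
    # Shared office NAT: five different users, all logging in successfully.
    + [(f"2024-01-01T09:01:0{i}", "198.51.100.20", f"staff{i}@example.com", True)
       for i in range(5)]
    # One person mistyping a password, then getting it right.
    + [("2024-01-01T09:02:00", "192.0.2.44", "bob@example.com", False),
       ("2024-01-01T09:02:09", "192.0.2.44", "bob@example.com", True)]
)

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5,
                    max_success_ratio=0.2):
    """Return (ips_to_block, accounts_to_reset) for a batch of login events."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))

    blocked, at_risk = set(), set()
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {u for _, u, _ in span}
            successes = sum(ok for _, _, ok in span)
            # Many distinct usernames AND mostly failures: stuffing, not a busy NAT.
            if len(users) >= min_users and successes / len(span) <= max_success_ratio:
                blocked.add(ip)
                break
        if ip in blocked:
            # Any login this source completed used a valid stolen credential pair.
            at_risk.update(u for _, u, ok in rows if ok)
    return blocked, at_risk

if __name__ == "__main__":
    ips, accounts = detect_stuffing(SAMPLE_EVENTS)
    print("block:", sorted(ips))
    print("force reset:", sorted(accounts))
```

The success-ratio check is what keeps the shared office address off the blocklist even though it also shows five distinct usernames.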