After customers of the Verizon-owned budget mobile carrier Visible took to social media to complain about hacking and fraud attempts, the company has now confirmed that security breaches were carried out on its users by hackers who obtained their credentials from “outside sources”.
As reported by The Verge, the mobile carrier said that it is in the process of working to “mitigate the issue” though it did not provide any details on the steps it has employed to do so. Visible customers recently began reporting that unauthorized charges from the company had appeared on their PayPal and credit card statements while others received emails saying the password or address of their accounts had been changed.
Customers were also frustrated that the company hadn’t sent out any emails or texts notifying them regarding the situation. Visible did eventually go on Twitter where it explained what had happened in a post, saying:
“Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts.”
After confirming that some of its customer accounts had been compromised, Visible recommended in a statement and on Twitter that its users should reset their passwords if they’ve reused them across multiple accounts.
While this advice is fairly standard after a security breach, the mobile carrier’s password reset system has been unavailable and users that did try to reset their passwords received an error message.
Visible also recommended that users create unique passwords for each of their online accounts which can be done using a password generator though most password managers now offer this functionality as well. Although enabling two-factor authentication (2FA) is also recommended, Visible doesn’t support 2FA for authentication which could leave its customers open to similar attacks in the future.
If you’re a Visible customer that has reused passwords across multiple accounts, the only precaution you can take at the moment is to change these passwords to prevent having your other accounts hacked by the cybercriminals behind this breach.
Via The Verge