Several Verizon Visible customers are reporting that attackers have hacked their accounts to order iPhone 13 models for themselves. Visible Wireless is a small carrier that runs on Verizon’s 4G LTE network and offers unlimited talk, text, and data at a reduced price than Verizon, its parent company. The carrier usually runs flash sales on iPhone models.
Hackers change shipping details of Verizon Visible accounts to receive the ordered iPhone 13 models at their addresses
The Visible subreddit is “flooded” with reports of Visible Verizon accounts being hacked and the attackers changed the users’ account information to make purchases on users’ credit cards but get the product delivered to their own shipping address.
Dude my account got hacked and they shipped out an iPhone 13 worth 1k that was taken from my PayPal. I am fuming! – @rickyh7
I’m going to keep this as professional as possible. Last night, 10/11, I received three emails from Visible, telling me my: 1. email address 2. shipping address 3.service address were changed. It was late, like 11PM, and I tried chatting with them right away, but there was no queue, no sign of getting picked up anytime soon. Is it 24/7 chat, or no?………..
My Visible account is clearly hacked, and the card I had in file with them for automatic payments was used to purchase something on Visible.com
That something, I’m 99% sure it’s an iPhone 13 Pro Max, 128GB, whichever color you want, as with tax it comes to a perfect $1,175.85 sale price as well
The shipping address put on Paypal is 28 Spirit Lane, Staten Island, NY 10303-2467. I live in the DMV area (DC-Maryland-Virginia) – @kejshoxha
The possible explanation for such attacks is either the accounts are not protected by two-factor authorization (2FA) or Verizon Visible had a data breach. As published on XDA, the carrier’s statement on the issue maintains that the breach is because of using the same password used to log in to another website or account. But some victims say that they used randomly generated passwords for their accounts which were not used anywhere else.
Visible is aware of an issue in which some member accounts were accessed and/or charged without their authorization. As soon as we were made aware of the issue, we immediately initiated a review and started deploying tools to mitigate the issue and enable additional controls to further protect our customers.
Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services.