Update October 13th, 1:10PM ET: Visible has confirmed that some accounts were accessed without authorization. Read more in our follow-up article. Our original story follows below.
Some customers of Verizon’s Visible service are using social media to say that hackers have accessed their accounts, changed their information to lock them out, and in some cases even ordered phones using their payment info (via XDA). If you’re not familiar, Visible is a cell service owned and operated by Verizon that pitches itself as a less expensive, “all-digital” network, meaning there aren’t any physical stores like you’d get with a traditional carrier. Starting on Monday, customers on both Twitter and Reddit reported en masse that they’d been getting emails from the company about changed passwords and addresses, and that they’ve had difficulties contacting the company’s chat support.
Visible’s customer service account on Twitter seemingly hasn’t addressed the issue, besides directing upset customers to its DMs. A user marked as a Visible employee on the subreddit posted a statement on Monday afternoon, saying that a “small number” of accounts were affected, but that the company didn’t believe its systems had been breached. The statement did recommend that users change their passwords, but as many commenters pointed out (and as I can confirm), the password reset system currently isn’t working. Verizon didn’t immediately respond to a request for comment from The Verge.
I’m a Visible customer myself (I switched from T-Mobile for reasons unrelated to its recent massive data breach, but am very thrilled to possibly have been double-owned) and so far my account doesn’t seem to be compromised. I’m able to log in online and make sure my order history doesn’t have anything untoward, and opening the app is working like normal (though I received a few errors earlier in the day). I haven’t received any emails, texts, or other communications from the company regarding this situation.
Without much official word from the company, it’s hard to say exactly how the reported breaches happened, and what any potential hackers have access to — though we’ll keep you updated if we hear back. With many security breaches, the advice is to change your password and make sure you have two-factor authentication turned on, but Visible currently doesn’t support 2FA. Hopefully, incidents like this where some customers are seeing $1,000-plus charges on their credit cards from Visible may make that feature a higher priority.