Categories
Security

Some of Verizon’s Visible cell network customers say they’ve been hacked

Update October 13th, 1:10PM ET: Visible has confirmed that some accounts were accessed without authorization. Read more in our follow-up article. Our original story follows below.

Some customers of Verizon’s Visible service are using social media to say that hackers have accessed their accounts, changed their information to lock them out, and in some cases even ordered phones using their payment info (via XDA). If you’re not familiar, Visible is a cell service owned and operated by Verizon that pitches itself as a less expensive, “all-digital” network, meaning there aren’t any physical stores like you’d get with a traditional carrier. Starting on Monday, customers on both Twitter and Reddit reported en masse that they’d been getting emails from the company about changed passwords and addresses, and that they’ve had difficulties contacting the company’s chat support.

Visible’s customer service account on Twitter seemingly hasn’t addressed the issue, besides directing upset customers to its DMs. A user marked as a Visible employee on the subreddit posted a statement on Monday afternoon, saying that a “small number” of accounts were affected, but that the company didn’t believe its systems had been breached. The statement did recommend that users change their passwords, but as many commenters pointed out (and as I can confirm), the password reset system currently isn’t working. Verizon didn’t immediately respond to a request for comment from The Verge.

I’m a Visible customer myself (I switched from T-Mobile for reasons unrelated to its recent massive data breach, but am very thrilled to possibly have been double-owned) and so far my account doesn’t seem to be compromised. I’m able to log in online and make sure my order history doesn’t have anything untoward, and opening the app is working like normal (though I received a few errors earlier in the day). I haven’t received any emails, texts, or other communications from the company regarding this situation.

The error message I received earlier trying to log into the app.

Without much official word from the company, it’s hard to say exactly how the reported breaches happened, and what any potential hackers have access to — though we’ll keep you updated if we hear back. With many security breaches, the advice is to change your password and make sure you have two-factor authentication turned on, but Visible currently doesn’t support 2FA. Hopefully, incidents like this where some customers are seeing $1,000-plus charges on their credit cards from Visible may make that feature a higher priority.



Repost: Original Source and Author Link

Categories
Security

Visible confirms account breaches, blames ‘outside sources’

Cell service provider Visible has confirmed customer reports of attackers accessing and changing user accounts, and it has said that the breaches were carried out using usernames and passwords from “outside sources.” In a statement to The Verge (which you can read in full below), the Verizon-owned carrier said that it’s worked to “mitigate the issue” since it became aware of it, though it doesn’t mention exactly what measures it’s put in place to protect customers.

Starting earlier this week, customers of Verizon’s lower-cost service were reporting unauthorized charges from Visible on their PayPals or credit card statements, as well as emails telling them that their accounts’ passwords or addresses had been changed. Some customers have been frustrated with a lack of response from the company, as it hasn’t sent out emails or texts about the situation and was largely silent on social media until Wednesday, when it posted a Twitter thread.

In both its statement and on Twitter, the company recommends resetting your password if it’s one you’ve used for other services. It’s good advice, but the company has turned off its password reset system — it wasn’t available yesterday, and as of Wednesday morning you’ll still get an error if you try to change your password.

Hackers getting into accounts using passwords found elsewhere is very common, that’s why everybody (including Visible) says to use unique passwords for each service and to change your passwords in the case of a breach. Security experts also recommend using two-factor authentication, which can help protect you even if your password fails (like in a situation where you’re not able to change it). Visible, however, doesn’t support two-factor authentication, which means that its customers are still potentially open to these kinds of attacks.

Here’s Visible’s full statement.

Visible is aware of an issue in which some member accounts were accessed and/or charged without their authorization. As soon as we were made aware of the issue, we immediately initiated a review and started deploying tools to mitigate the issue and enable additional controls to further protect our customers.

Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services.

Protecting customer information — including securing customer accounts — is critically important to our company and our customers. As a reminder, our company will never call and ask for your password, secret questions or account PINs. If you feel your account has been compromised, please reach out to us via chat at visible.com.



Repost: Original Source and Author Link

Categories
Tech News

Verizon’s $40 unlimited Visible service lifts its 5Mbps speed cap to welcome the Google Pixel 3a

Verizon’s Visible phone service is a great option for people who don’t want to spend a bundle on their bill every month, but its $40-a-month unlimited hook has always come with a catch: Data speeds are capped at 5Mbps, which is painfully slow when trying to streams videos or games on the go.

Beginning today, Visible is lifting that cap for a limited time. It’s not clear exactly how long the promotion will last—Visible says the offering will be determined “as we learn more about member needs”—but both new and current members can take advantage of it. Visible says new members need only restart their phones to take advantage of the uncapped speeds.

Visible has also announced that the Google Pixel 3a and 3a XL will be joining its network, which already includes the iPhone (6 and later), Pixel 3 and 3 XL, Samsung Galaxy S9 and S9+, and the ZTE-made Visible R2. Additionally, Visible said Google’s phones will be available for purchase through the carrier’s site in the coming weeks.

For more information about the service and current offers, visit www.visible.com.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.

Repost: Original Source and Author Link