Reading Time: < 1 minutes

Hackers accessed Visible users’ accounts by stealing credentials from outside sources. 

Verizon-owned cell service provider Visible confirms customer reports of account breaches and hacks. The company says the breaches were carried out using credentials from ‘outside sources’.

In a statement to The Verge, the mobile carrier said that they have worked to mitigate the issue since customers started complaining about it. They have not yet mentioned what measures were taken to protect customers.

Earlier this week, customers of Verizon-owned Visible reported unauthorized charges on their credit card statements and PayPal accounts from Visible. Changes were also seen on emails telling users that their accounts username and passwords have been changed.

Some customers even took to social media to report the issue due to a lack of response from the service provider, which was silent on the issue until Wednesday.

On Wednesday, Visible took to Twitter and confirmed the hack. Visible also said:

“Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts.”

Visible confirmed on social media that hackers were able to compromise the accounts from outside sources, as their own servers were not attacked. Hackers accessing accounts using passwords from other accounts is quite common. That is why it is recommended users use a separate password for each account.

The company also confirmed to users that customer accounts have been breached, but Visible’s systems have not been compromised, as the company is blaming ‘outside sources’ to be responsible for the breach.

Security Update from Visible

Compromised Visible user accounts

In both, its Tweet and statement to The Verge, Visible recommends resetting your account password, especially for those who are using the same username and password for multiple accounts.

However, the issue is that the company has turned off the password reset system after the incident. It wasn’t available yesterday as it kept giving an error when you tried to change your account credentials.

Users can create unique passwords for each online account using a password generator or a password manager. Enabling two-factor authentication is also recommended, but Visible doesn’t support 2FA as of now.

This incident is quite alarming as a few days ago, a SIM routing company that provides services to carriers like Verizon, T-Mobile, AT&T, and Vodafone, disclosed a five-year-long data breach

This isn’t the first time a mobile network company has been the victim of a data breach incident. 1around a month ago, T-Mobile also faced a data breach along with the recent AT&T breach resulting in a data leak of 70 million customers.

Here is Visible’s full statement to The Verge:

Visible is aware of an issue in which some member accounts were accessed and/or changed without their authorization. As soon as we were made aware of the issue, we immediately initiated a review and started deploying tools to mitigate the issue and enable additional controls to further protect our customers.

Our investigation indicates that threat actors were able to access username/passwords from outside sources and exploit that information to log in to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services.

Protecting customer information — including securing customer accounts — is critically important to our company and our customers. As a reminder, our company will never call and ask for your password, secret questions, or account PINs. If you feel your account has been compromised, please reach out to us via chat at visible.com.