Earlier this week, a leading telecommunication giant, Verizon, notified its prepaid customers of a cyberattack with third-party actor access to Verizon accounts. Verizon’s letter confirmed the incident for affected customers. According to the letter released by Verizon, the attackers partially exposed its prepaid customers’ credit card information and other personal information that could easily lead to identity theft. Per the Verizon letter, the attack occurred between Oct 6 and Oct 10, 2022, and affected as many as 250 prepaid customers.
In a letter sent to its customers, Verizon said it identified unusual activity on the prepaid accounts and its network and, upon further investigation, discovered exposed credit card information. The company did not reveal who was responsible for the attack or how the threat actors managed to break into Verizon’s endpoints. The breach exposed the last four digits of the customers’ credit cards used to make automatic payments on their prepaid accounts. While no complete credit card details were accessible, the last four digits were enough to allow hackers access to Verizon user prepaid accounts, which hold information such as a name, phone number, prepaid plans, and billing address.
Per the Verizon letter, the attackers may have also processed an unauthorized SIM card swap on the prepaid account. The attackers used customers’ credit card details to access user accounts, engage in SIM-swapping attacks, and steal sensitive data. SIM swapping aids cybercriminals in overriding control of the target’s phone number by fooling their mobile carriers into altering the phone number to a hacker-controlled SIM card using social engineering. Verizon, however, reversed any SIM card change during the attack.
An unapproved phone can receive SMS messages for password resets, and multi-factor authentication on other accounts instead of the legitimate phone giving hackers access to any account whose username they have or can guess.
According to BleepingComputer, one of the Verizon customers who received the notice told them they were victims of SIM swap attacks more than a week before Verizon officially alerted its prepaid customers. The customer claimed the attackers breached their email and tried accessing their crypto accounts.
Verizon claims to have secured the user’s account upon discovering the attack. About protecting user's accounts, Verizon took the following measures:
- Reset the Account Security Code or PIN of affected users.
- Reversed any unauthorized SIM change.
- Prevented further outlawed access to users' accounts using the last four digits of their credit card.
- The attack has been noted on affected users' accounts to alert Verizon’s customer service representatives that cybercriminals may have targeted their accounts.
While the company took a few actions, it also suggested its users set a unique Verizon PIN code that is not used to secure any other accounts. The company also recommended setting a new password and new secret question and answer that users can use to access their ‘My Verizon’ account.
For more news and updates, Visit https://blog.excellimatrix.com/ or follow us on Facebook & LinkedIn or Contact us at 406-646-2102 and get your questions answered.
