Thursday, March 28, 2024

Verizon Cyberattack – Prepaid Customers Data Exposed

Verizon notified its prepaid customers of the recent cyberattack that threat actors gained access to Verizon accounts and used exposed credit card information.

The company says during regular account monitoring, they were able to notice an abnormal activity on the prepaid line that received the SMS linking to this notice. 

“We determined that between October 6 and October 10, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account”, reads the notice released by Verizon. 

The threat actors used the last four digits of customers’ credit cards used to make payments on their prepaid accounts. This account access allows attackers to process unauthorized SIM card changes also called ‘SIM swapping’  on prepaid lines.

“Using the last four digits of that credit card, the third party was able to gain access to your Verizon account and may have processed an unauthorized SIM card change on the prepaid line that received the SMS linking to this notice. If a SIM card change occurred, Verizon has reversed it”, Verizon

Verizon said it immediately blocked further unauthorized access to its clients’ accounts and found no evidence that this malicious activity is still ongoing. 

Generally, the user account holds information such as name, telephone number, billing address, price plans, and other service-related information. 

Particularly the company noted that it does not include banking information, financial information, passwords, Social Security numbers, tax IDs, or other personal information. 

The company also reset the ‘Account Security Codes’ (PINs) for an undisclosed number of customers in an abundance of caution.

SIM Swapping Attack

One of the Verizon customers who received this notice says that they were the victims of a SIM swap attack more than a week before Verizon alerted customers.

“On 10/7 when I was sim-swapped, the attackers breached my email and attempted to access my crypto accounts,” 

“I suspect they used information from the Coinbase breach to target me but got access due to the exposure of credit card info from Verizon”, told BleepingComputer.

SIM swapping allows attackers to take control of a target’s phone number by convincing their mobile carriers to swap the phone number to an attacker-controlled SIM card using ‘social engineering’.

“We recently identified possible unauthorized activity involving about 250 prepaid wireless accounts. We secured these accounts and put in place additional measures to protect our customers from further unauthorized access or fraud,” according to a Verizon spokesperson.

“If any customer believes their account was accessed without authorization, they should reach out to us online, in the MyVerizon app, or by calling 888-483-7200”, Verizon

The company advised you to set a new Verizon PIN code and set a new password secret question to protect your Verizon account. Verizon allows customers to defend against SIM swapping attacks by enabling the free ‘Number Lock’ protection feature through the My Verizon app or the My Verizon website.

Also Read: Download Secure Web Filtering – Free E-book

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles