Categories: Cyber Attack

Verizon Cyberattack – Prepaid Customers Data Exposed

Verizon notified its prepaid customers of the recent cyberattack that threat actors gained access to Verizon accounts and used exposed credit card information.

The company says during regular account monitoring, they were able to notice an abnormal activity on the prepaid line that received the SMS linking to this notice. 

“We determined that between October 6 and October 10, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account”, reads the notice released by Verizon. 

The threat actors used the last four digits of customers’ credit cards used to make payments on their prepaid accounts. This account access allows attackers to process unauthorized SIM card changes also called ‘SIM swapping’  on prepaid lines.

“Using the last four digits of that credit card, the third party was able to gain access to your Verizon account and may have processed an unauthorized SIM card change on the prepaid line that received the SMS linking to this notice. If a SIM card change occurred, Verizon has reversed it”, Verizon

Verizon said it immediately blocked further unauthorized access to its clients’ accounts and found no evidence that this malicious activity is still ongoing. 

Generally, the user account holds information such as name, telephone number, billing address, price plans, and other service-related information. 

Particularly the company noted that it does not include banking information, financial information, passwords, Social Security numbers, tax IDs, or other personal information. 

The company also reset the ‘Account Security Codes’ (PINs) for an undisclosed number of customers in an abundance of caution.

SIM Swapping Attack

One of the Verizon customers who received this notice says that they were the victims of a SIM swap attack more than a week before Verizon alerted customers.

“On 10/7 when I was sim-swapped, the attackers breached my email and attempted to access my crypto accounts,” 

“I suspect they used information from the Coinbase breach to target me but got access due to the exposure of credit card info from Verizon”, told BleepingComputer.

SIM swapping allows attackers to take control of a target’s phone number by convincing their mobile carriers to swap the phone number to an attacker-controlled SIM card using ‘social engineering’.

“We recently identified possible unauthorized activity involving about 250 prepaid wireless accounts. We secured these accounts and put in place additional measures to protect our customers from further unauthorized access or fraud,” according to a Verizon spokesperson.

“If any customer believes their account was accessed without authorization, they should reach out to us online, in the MyVerizon app, or by calling 888-483-7200”, Verizon

The company advised you to set a new Verizon PIN code and set a new password secret question to protect your Verizon account. Verizon allows customers to defend against SIM swapping attacks by enabling the free ‘Number Lock’ protection feature through the My Verizon app or the My Verizon website.

Also Read: Download Secure Web Filtering – Free E-book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data

Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable…

3 hours ago

New FireScam Android Malware Abusing Firebase Services To Evade Detection

FireScam is multi-stage malware disguised as a fake “Telegram Premium” app that steals data and…

4 hours ago

Hackers Weaponize Security Testing By Weaponizing npm, PyPI, & Ruby Exploit Packages

Over the past year, malicious actors have been abusing OAST services for data exfiltration, C2…

5 hours ago

Hackers Mimic Social Security Administration To Deliver ConnectWise RAT

A phishing campaign spoofing the United States Social Security Administration emerged in September 2024, delivering…

5 hours ago

EAGERBEE Malware Updated It’s Arsenal With Payloads & Command Shells

The Kaspersky researchers investigation into the EAGERBEE backdoor revealed its deployment within Middle Eastern ISPs…

5 hours ago

CyTwist Launches Advanced Security Solution to Identify AI-Driven Cyber Threats in Minutes

CyTwist, a leader in advanced next-generation threat detection solutions, has launched its patented detection engine…

7 hours ago