Verizon Cyberattack – Prepaid Customers Data Exposed

Verizon notified its prepaid customers of the recent cyberattack that threat actors gained access to Verizon accounts and used exposed credit card information.

The company says during regular account monitoring, they were able to notice an abnormal activity on the prepaid line that received the SMS linking to this notice. 

“We determined that between October 6 and October 10, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account”, reads the notice released by Verizon. 

The threat actors used the last four digits of customers’ credit cards used to make payments on their prepaid accounts. This account access allows attackers to process unauthorized SIM card changes also called ‘SIM swapping’  on prepaid lines.

“Using the last four digits of that credit card, the third party was able to gain access to your Verizon account and may have processed an unauthorized SIM card change on the prepaid line that received the SMS linking to this notice. If a SIM card change occurred, Verizon has reversed it”, Verizon

Verizon said it immediately blocked further unauthorized access to its clients’ accounts and found no evidence that this malicious activity is still ongoing. 

Generally, the user account holds information such as name, telephone number, billing address, price plans, and other service-related information. 

Particularly the company noted that it does not include banking information, financial information, passwords, Social Security numbers, tax IDs, or other personal information. 

The company also reset the ‘Account Security Codes’ (PINs) for an undisclosed number of customers in an abundance of caution.

SIM Swapping Attack

One of the Verizon customers who received this notice says that they were the victims of a SIM swap attack more than a week before Verizon alerted customers.

“On 10/7 when I was sim-swapped, the attackers breached my email and attempted to access my crypto accounts,” 

“I suspect they used information from the Coinbase breach to target me but got access due to the exposure of credit card info from Verizon”, told BleepingComputer.

SIM swapping allows attackers to take control of a target’s phone number by convincing their mobile carriers to swap the phone number to an attacker-controlled SIM card using ‘social engineering’.

“We recently identified possible unauthorized activity involving about 250 prepaid wireless accounts. We secured these accounts and put in place additional measures to protect our customers from further unauthorized access or fraud,” according to a Verizon spokesperson.

“If any customer believes their account was accessed without authorization, they should reach out to us online, in the MyVerizon app, or by calling 888-483-7200”, Verizon

The company advised you to set a new Verizon PIN code and set a new password secret question to protect your Verizon account. Verizon allows customers to defend against SIM swapping attacks by enabling the free ‘Number Lock’ protection feature through the My Verizon app or the My Verizon website.

Also Read: Download Secure Web Filtering – Free E-book