Categories: Cyber Attack

Verizon Cyberattack – Prepaid Customers Data Exposed

Verizon notified its prepaid customers of the recent cyberattack that threat actors gained access to Verizon accounts and used exposed credit card information.

The company says during regular account monitoring, they were able to notice an abnormal activity on the prepaid line that received the SMS linking to this notice. 

“We determined that between October 6 and October 10, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account”, reads the notice released by Verizon. 

The threat actors used the last four digits of customers’ credit cards used to make payments on their prepaid accounts. This account access allows attackers to process unauthorized SIM card changes also called ‘SIM swapping’  on prepaid lines.

“Using the last four digits of that credit card, the third party was able to gain access to your Verizon account and may have processed an unauthorized SIM card change on the prepaid line that received the SMS linking to this notice. If a SIM card change occurred, Verizon has reversed it”, Verizon

Verizon said it immediately blocked further unauthorized access to its clients’ accounts and found no evidence that this malicious activity is still ongoing. 

Generally, the user account holds information such as name, telephone number, billing address, price plans, and other service-related information. 

Particularly the company noted that it does not include banking information, financial information, passwords, Social Security numbers, tax IDs, or other personal information. 

The company also reset the ‘Account Security Codes’ (PINs) for an undisclosed number of customers in an abundance of caution.

SIM Swapping Attack

One of the Verizon customers who received this notice says that they were the victims of a SIM swap attack more than a week before Verizon alerted customers.

“On 10/7 when I was sim-swapped, the attackers breached my email and attempted to access my crypto accounts,” 

“I suspect they used information from the Coinbase breach to target me but got access due to the exposure of credit card info from Verizon”, told BleepingComputer.

SIM swapping allows attackers to take control of a target’s phone number by convincing their mobile carriers to swap the phone number to an attacker-controlled SIM card using ‘social engineering’.

“We recently identified possible unauthorized activity involving about 250 prepaid wireless accounts. We secured these accounts and put in place additional measures to protect our customers from further unauthorized access or fraud,” according to a Verizon spokesperson.

“If any customer believes their account was accessed without authorization, they should reach out to us online, in the MyVerizon app, or by calling 888-483-7200”, Verizon

The company advised you to set a new Verizon PIN code and set a new password secret question to protect your Verizon account. Verizon allows customers to defend against SIM swapping attacks by enabling the free ‘Number Lock’ protection feature through the My Verizon app or the My Verizon website.

Also Read: Download Secure Web Filtering – Free E-book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

1 day ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

4 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

4 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

4 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago