Categories: Cyber Attack

Verizon Cyberattack – Prepaid Customers Data Exposed

Verizon notified its prepaid customers of the recent cyberattack that threat actors gained access to Verizon accounts and used exposed credit card information.

The company says during regular account monitoring, they were able to notice an abnormal activity on the prepaid line that received the SMS linking to this notice. 

“We determined that between October 6 and October 10, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account”, reads the notice released by Verizon. 

The threat actors used the last four digits of customers’ credit cards used to make payments on their prepaid accounts. This account access allows attackers to process unauthorized SIM card changes also called ‘SIM swapping’  on prepaid lines.

“Using the last four digits of that credit card, the third party was able to gain access to your Verizon account and may have processed an unauthorized SIM card change on the prepaid line that received the SMS linking to this notice. If a SIM card change occurred, Verizon has reversed it”, Verizon

Verizon said it immediately blocked further unauthorized access to its clients’ accounts and found no evidence that this malicious activity is still ongoing. 

Generally, the user account holds information such as name, telephone number, billing address, price plans, and other service-related information. 

Particularly the company noted that it does not include banking information, financial information, passwords, Social Security numbers, tax IDs, or other personal information. 

The company also reset the ‘Account Security Codes’ (PINs) for an undisclosed number of customers in an abundance of caution.

SIM Swapping Attack

One of the Verizon customers who received this notice says that they were the victims of a SIM swap attack more than a week before Verizon alerted customers.

“On 10/7 when I was sim-swapped, the attackers breached my email and attempted to access my crypto accounts,” 

“I suspect they used information from the Coinbase breach to target me but got access due to the exposure of credit card info from Verizon”, told BleepingComputer.

SIM swapping allows attackers to take control of a target’s phone number by convincing their mobile carriers to swap the phone number to an attacker-controlled SIM card using ‘social engineering’.

“We recently identified possible unauthorized activity involving about 250 prepaid wireless accounts. We secured these accounts and put in place additional measures to protect our customers from further unauthorized access or fraud,” according to a Verizon spokesperson.

“If any customer believes their account was accessed without authorization, they should reach out to us online, in the MyVerizon app, or by calling 888-483-7200”, Verizon

The company advised you to set a new Verizon PIN code and set a new password secret question to protect your Verizon account. Verizon allows customers to defend against SIM swapping attacks by enabling the free ‘Number Lock’ protection feature through the My Verizon app or the My Verizon website.

Also Read: Download Secure Web Filtering – Free E-book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

12 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

13 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

15 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

19 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

20 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

20 hours ago