[Update: Statement] Verizon-owned Visible network suffers suspected data breach
PrivacyPrivacy
XDA Developers
NEWS
FORUMS
DEVICES
TOPICS
BEST POSTS
close
Search
FORUMS
Register for Forums
Set up a new account on the XDA Developers Forums
Login to Forums
Sign in to the XDA Developers Forums
XDA’S APPS
Nav Gestures
Add swipe gestures to any Android, no root
One handed mode
Make your phone easier to use with one hand, no root
XDA Forum App
The best way to access XDA on your phone
Hyperion Launcher
A sweet, feature-filled launcher with a beautiful UX.
SITES WE LIKE
Swappa
XDA’s official marketplace for buying and selling tech
Pocketnow
Premium videos
SOCIAL
RESOURCES
Subscribe to our Newsletter
Contact
About
TIP US
Windows 11
Galaxy Fold 3
5G
Galaxy Z Flip 3
Android 12
Galaxy S21
OnePlus 9
Pixel 6
Huawei | XDA
We are reader supported. External links may earn us a commission.
[Update: Statement] Verizon-owned Visible network suffers suspected data breach
October 13, 2021 2:53pmCommentCorbin Davenport
[Update: Statement] Verizon-owned Visible network suffers suspected data breach
Update 1 (10/13/2021 @ 13:30 ET): Visible has released the following statement about the incident, claiming that it was not breached:
Visible is aware of an issue in which some member accounts were accessed and/or charged without their authorization. As soon as we were made aware of the issue, we immediately initiated a review and started deploying tools to mitigate the issue and enable additional controls to further protect our customers.
Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services.
Protecting customer information — including securing customer accounts — is critically important to our company and our customers. As a reminder, our company will never call and ask for your password, secret questions or account PINs. If you feel your account has been compromised, please reach out to us via chat at visible.com.
The article as published on October 12, 2021, is preserved below.
Visible is a “digital” carrier owned by Verizon, with a greater emphasis on fair pricing and shared plans. The company has gained popularity for its relatively low pricing for unlimited data plans, and earlier this year, Visible introduced 5G service and eSIM support. However, Visible subscribers are now experiencing something a lot less fun than saving money — many accounts are being hijacked, often to purchase phones for whoever obtained access.
Social media sites, especially the Visible subreddit, are currently flooded with reports of Visible accounts being hijacked. In most cases, the email address associated with the account is reset by an unknown attacker, then the payment method on the account is used to order a phone.
“My account got hacked and they shipped out a [sic] iPhone 13 worth 1k that was taken from my PayPal,” one Reddit user wrote. Another said, “I literally signed up for Visible yesterday, and bought a [sic] $812 iPhone through their website. I woke up to an email this morning telling me that the email address associated with my account has been changed. […] 7 hours later I got an email saying the shipping address on my account has been changed, and no, I still wasn’t able to log in.”
@Visible I was just hacked! They sent themselves a phone and changed my address! Urgent!’ How do i@stop this!!!! HURRY!!
— Kelley (@ksmrz77) October 12, 2021
Are you going to address the fact that many of your users accounts have been compromised? People are having their information changed and phones ordered fraudulently and you all have said nothing.
— free britney (@nathanpt21) October 11, 2021
@Visible It’s time to make a statement addressing the fact that hundreds of members (including myself) had their accounts compromised & thousand dollar phones charged to their default payment method. You then disabled password resets & we’re no longer able to access our accounts.
— itswhatiam (@itswhatiam) October 11, 2021
It’s not clear if Visible itself suffered a data breach, or if the attackers are using usernames and passwords obtained from other data breaches to log in — a tactic known as credential stuffing. Some Visible subscribers claim to have used randomly generated passwords for their accounts that were not used elsewhere, which would indicate Visible itself had a security breach, but it’s probably still too early to tell. Visible also does not support two-factor authentication, which may have limited the damage from any security breaches.
Visible has not yet publicly announced the breach, but the company is definitely aware because it has locked password resets and changes to billing information. We have reached out to Visible for more information, and we will update this article if we hear back.
XDA Developers
NEWS
FORUMS
DEVICES
TOPICS
BEST POSTS
close
Search
FORUMS
Register for Forums
Set up a new account on the XDA Developers Forums
Login to Forums
Sign in to the XDA Developers Forums
XDA’S APPS
Nav Gestures
Add swipe gestures to any Android, no root
One handed mode
Make your phone easier to use with one hand, no root
XDA Forum App
The best way to access XDA on your phone
Hyperion Launcher
A sweet, feature-filled launcher with a beautiful UX.
SITES WE LIKE
Swappa
XDA’s official marketplace for buying and selling tech
Pocketnow
Premium videos
SOCIAL
RESOURCES
Subscribe to our Newsletter
Contact
About
TIP US
Windows 11
Galaxy Fold 3
5G
Galaxy Z Flip 3
Android 12
Galaxy S21
OnePlus 9
Pixel 6
Huawei | XDA
We are reader supported. External links may earn us a commission.
[Update: Statement] Verizon-owned Visible network suffers suspected data breach
October 13, 2021 2:53pmCommentCorbin Davenport
[Update: Statement] Verizon-owned Visible network suffers suspected data breach
Update 1 (10/13/2021 @ 13:30 ET): Visible has released the following statement about the incident, claiming that it was not breached:
Visible is aware of an issue in which some member accounts were accessed and/or charged without their authorization. As soon as we were made aware of the issue, we immediately initiated a review and started deploying tools to mitigate the issue and enable additional controls to further protect our customers.
Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services.
Protecting customer information — including securing customer accounts — is critically important to our company and our customers. As a reminder, our company will never call and ask for your password, secret questions or account PINs. If you feel your account has been compromised, please reach out to us via chat at visible.com.
The article as published on October 12, 2021, is preserved below.
Visible is a “digital” carrier owned by Verizon, with a greater emphasis on fair pricing and shared plans. The company has gained popularity for its relatively low pricing for unlimited data plans, and earlier this year, Visible introduced 5G service and eSIM support. However, Visible subscribers are now experiencing something a lot less fun than saving money — many accounts are being hijacked, often to purchase phones for whoever obtained access.
Social media sites, especially the Visible subreddit, are currently flooded with reports of Visible accounts being hijacked. In most cases, the email address associated with the account is reset by an unknown attacker, then the payment method on the account is used to order a phone.
“My account got hacked and they shipped out a [sic] iPhone 13 worth 1k that was taken from my PayPal,” one Reddit user wrote. Another said, “I literally signed up for Visible yesterday, and bought a [sic] $812 iPhone through their website. I woke up to an email this morning telling me that the email address associated with my account has been changed. […] 7 hours later I got an email saying the shipping address on my account has been changed, and no, I still wasn’t able to log in.”
@Visible I was just hacked! They sent themselves a phone and changed my address! Urgent!’ How do i@stop this!!!! HURRY!!
— Kelley (@ksmrz77) October 12, 2021
Are you going to address the fact that many of your users accounts have been compromised? People are having their information changed and phones ordered fraudulently and you all have said nothing.
— free britney (@nathanpt21) October 11, 2021
@Visible It’s time to make a statement addressing the fact that hundreds of members (including myself) had their accounts compromised & thousand dollar phones charged to their default payment method. You then disabled password resets & we’re no longer able to access our accounts.
— itswhatiam (@itswhatiam) October 11, 2021
It’s not clear if Visible itself suffered a data breach, or if the attackers are using usernames and passwords obtained from other data breaches to log in — a tactic known as credential stuffing. Some Visible subscribers claim to have used randomly generated passwords for their accounts that were not used elsewhere, which would indicate Visible itself had a security breach, but it’s probably still too early to tell. Visible also does not support two-factor authentication, which may have limited the damage from any security breaches.
Visible has not yet publicly announced the breach, but the company is definitely aware because it has locked password resets and changes to billing information. We have reached out to Visible for more information, and we will update this article if we hear back.
