[ad_1]
Verizon has alerted an undisclosed number of prepaid customers that attackers gained access to Verizon accounts and used exposed credit card information in a SIM swapping attack.
“We have determined that between October 6th and October 10th, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account. ‘, Verizon said in an alert issued this week.
“A third party has been able to access your Verizon account using the last four digits of that credit card and may have processed an unauthorized SIM card change on your prepaid line that received an SMS linking to this notification. Verizon has revoked it if it happened if the SIM card was changed.”
Verizon blocked further unauthorized access to the client’s account, adding that it found no evidence of this malicious activity still in progress.
The company has also “out of caution” resetting an undisclosed number of customers’ account security codes (PINs).
According to the notice, the attackers did not have access to complete credit card numbers, customer banking information, financial information, passwords, social security numbers, tax IDs, or other personal information. This is because the user’s account does not contain these information.
However, Verizon said the attackers may have had access to compromised accounts’ names, phone numbers, billing addresses, pricing plans, and other service-related information.
SIM swap attack used to steal crypto
One of Verizon’s customers who received the notice told BleepingComputer that they were victims of a SIM swap attack more than a week before Verizon warned customers.
“When I replaced my SIM on October 7th, the attackers compromised my email and attempted to access my cryptocurrency account,” they told BleepingComputer.
“They supposedly targeted me using information from the Coinbase breach, which I was able to access because my credit card information from Verizon was exposed.”
SIM swapping (also known as SIM hijacking, SIM splitting, or SIM jacking) allows criminals to use social engineering or bribes to swap phone numbers for attacker-controlled SIM cards. You can control the target phone number by convincing your mobile carrier to do so. employee.
Verizon’s notice was published on its website earlier this week, warning customers about these attacks, but the telecoms giant added “noindex” and “nofollow” tags to its metadata to prevent search engines from Prevented the page from being indexed.
A Verizon spokesperson told BleepingComputer:
“Verizon has notified affected customers and advised them of additional steps they can take to increase the security of their accounts. We continuously enhance and evolve our security protocols to keep you safe.
“As always, customers who believe their accounts have been accessed without permission should contact us online, on the MyVerizon app, or by calling 888-483-7200.”
We recommend that you set a new Verizon PIN code to protect your Verizon account from future attacks, and set a new password and security question to protect your My Verizon online account.
Verizon also allows customers to protect against SIM swapping attacks by activating a free “Number Lock” protection feature through the My Verizon app or My Verizon website.
Once a phone number is locked, it cannot be ported to another line/carrier or swapped to another SIM unless the account holder unlocks it.
A year ago, Verizon-owned digital wireless carrier Visible also admitted that some customer accounts had been hacked after several days of technical problems.
Update Oct 18 16:28 EDT: Added Verizon statement.
[ad_2]
Source link
