The telecommunications company Verizon alerted an undisclosed number of users that they suffered a security breach, which led the attackers to obtain users’ credit card information, among other data. In addition to exposing these accounts to SIM swapping attacks. The company released its own statement, but some details do not match what was stated by those affected. Read on to learn more.
Verizon sends notifications to users of affected accounts
This week, Verizon began a mass notification to many users affected by a security breach. The company did not disclose the number of the accounts at risk; its alert statement to those affected was as follows:
“We determined that between October 6 and October 10, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account. Using the last four digits of that credit card, the third party was able to gain access to your Verizon account and may have processed an unauthorized SIM card change on the prepaid line that received the SMS linking to this notice.”
Among the measures taken is the blocking of other unauthorized attempts to the accounts of its users, as well as the reset of the Account Security Codes (PINs) to be cautious. They also assured that they no longer find traces of malicious activity on their servers, along with the fact that the attackers did not have access to full credit card numbers, banking information, financial information, passwords, Social Security numbers, tax IDs, or other personal information since user accounts don’t contain this info.
They gained access to names, telephone numbers, billing addresses, price plans, and other service-related information. But even though the most sensitive information was safe, these accounts suffered a very common attack, SIM swapping, also known as SIM hijacking, SIM splitting, or SIM jacking.
This attack consists of cybercriminals taking control of the victim’s phone number and convincing the company to exchange that number to a SIM that they control, all thanks to social engineering or an employee who has been coerced. Several Verizon users confirm the attack but, at the same time, indicate that they suffered the SIM swapping attack days before the notification. And with the numbers, they obtained access to their personal emails and thus access to their crypto accounts.
Finally, it was noted that Verizon does not want this information to have such a wide reach, since although they published a statement, and the same notification that they sent to users on their website, they programmed it so that search engines would not index said page by adding ‘noindex’ and ‘nofollow’ tags to its metadata.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Foto de Marques Thomas en Unsplash.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp