Verizon has notified an unknown number of its prepaid customers about a cyberattack that partially exposed their credit card details as well as a host of other personally identifiable information that could lead to identity theft.
In a letter sent to its customers, Verizon said it had recently noticed unusual activity on its network, and after further investigation, it discovered a violation that occurred between October 6 and October 10, 2022.
The company did not say who was behind the attack or how cybercriminals managed to get through Verizon’s endpoints.
SIM card replacement attacks
It is unclear whether the breach was caused by malware, ransomware, or social engineering. He said the attackers obtained the last four digits of the credit cards of prepaid customers used to pay for the service.
The attackers used this information to gain access to user accounts, engage in SIM swap attacks, and steal sensitive data:
“Using the last four digits of that credit card, a third party was able to access your Verizon account and could process an unauthorized SIM change on a prepaid line that received an SMS with a link to this notification,” the company said. “If the SIM was changed, Verizon revoked it.”
The stolen sensitive data included names, phone numbers, postal addresses, pricing plans, and other information related to the services.
However, Verizon has confirmed that bank details, financial details, passwords, social security numbers, and tax IDs have not been accessed.
While the company has reset the PINs for all affected customers, it has also suggested that users check their confidential login credentials.
Set a new Verizon PIN. Do not reuse your previous PIN, and be sure to choose a unique PIN that is not used for securing non-Verizon accounts. Set a new password and a new secret question and answer for users with access to your My Verizon online account. “
By: Hissing computer (opens in a new tab)