According to an article in BleepingComputer, some Verizon Prepaid customers were the unfortunate recipients of a message from Verizon notifying them that their accounts have been compromised.
Verizon has told the unfortunate subscribers that a third party was able to see the last four digits of the credit card used to make automatic payments on their accounts. That information was then used to gain account access. The note that Verizon sent out to the affected subscribers stated that the third party "may have processed an unauthorized SIM card change" (SIM swap) on their line. Verizon says that if a SIM card change occurred, they were able to reverse it.
Fortunately, only a small number of accounts seem to have been compromised. A Verizon Spokesperson told BleepingComputer "we recently identified possible unauthorized activity involving about 250 prepaid wireless accounts. We secured these accounts and put in place additional measures to protect our customers from further unauthorized access or fraud."
Verizon says that it has taken the following actions to help prevent another incident on the impacted accounts:
- We have prevented further unauthorized access to your account using the last four digits of your credit card.
- If any unauthorized SIM change occurred, Verizon reversed it.
- This unauthorized activity has been noted on your account to alert our customer service representatives that your account may have been previously targeted for fraudulent activity.
- We reset your Account Security Code (PIN) in an abundance of caution.
Verizon Prepaid recommends that its customers set new Verizon PIN codes, change their passwords, and security questions and answers.
SIM card swaps are a tool used by hackers to gain access to their target's financial accounts including bank, credit, and cryptocurrency accounts to siphon money from them. Subscribers that use their Verizon Prepaid number as a two-factor authentication to log in to a bank, email, social media, or any other account are advised to change the passwords and PINs associated with those accounts.
The data breach was said to have occurred between October 6, and October 10, 2022. At around this time last year, BestMVNO reported that one of Verizon's other prepaid brands, Visible by Verizon, was also affected by a security breach. A spokesperson for Visible told BestMVNO at the time that "threat actors were able to access username/passwords from outside sources, and exploit that information to log in to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services."