Verizon warned an undisclosed number of prepaid customers that attackers gained access to Verizon accounts and used exposed credit card info in SIM swapping attacks. "We determined that between October 6 and October 10, 2022, a third-party actor accessed the last four digits of the credit card used to make automatic payments on your account."
Using the last four digits of that credit card, the third party could gain access to Verizon accounts and may have processed an unauthorized SIM card change on prepaid lines. The telecom giant added that it blocked further unauthorized access to its clients' funds and found no evidence that this malicious activity is still ongoing.
The company also reset the Account Security Codes (PINs) for an undisclosed number of customers "in abundance of caution." According to the notification, the attackers couldn't access the entire credit card number or the customers' banking information, financial information, passwords, Social Security numbers, tax IDs, or other personal details since user accounts don't contain this info. However, Verizon said the threat actors could have accessed names, telephone numbers, billing addresses, price plans, and other service-related information on compromised accounts.
SIM swapping allows criminals to take control of a target's phone number by convincing their mobile carriers to swap the phone number to an attacker-controlled SIM card using social engineering or with the help of bribed employees. Last week, a Verizon customer reported that when they were sim-swapped, the attackers breached their email and attempted to access the victim's crypto accounts. It was suspected that the attackers used stolen information from the Coinbase breach to target the victim but were able to obtain access due to the exposure of credit card info from Verizon.
Steps to Mitigate the Breach's Effects
Verizon notified the impacted customers and advised on additional steps the customers can take to enhance their account security.
Customers are advised to set a new Verizon PIN code to secure their Verizon account from future attacks and a new password and secret question to safeguard their My Verizon online accounts. Verizon customers can also defend against SIM swapping attacks by enabling the free 'Number Lock' protection feature through the My Verizon app or the My Verizon website. Once the phone number is locked, it can no longer be ported to another line/carrier or swapped to another SIM unless the account owner removes the lock.