Cell service supplier Seen has confirmed customer reports of attackers accessing and altering person accounts, and it has stated that the breaches had been carried out utilizing usernames and passwords from “outdoors sources.” In an announcement to The Verge (which you’ll learn in full under), the Verizon-owned service stated that it’s labored to “mitigate the problem” because it grew to become conscious of it, although it doesn’t point out precisely what measures it’s put in place to guard prospects.
Beginning earlier this week, prospects of Verizon’s lower-cost service were reporting unauthorized charges from Seen on their PayPals or bank card statements, in addition to emails telling them that their accounts’ passwords or addresses had been modified. Some prospects have been annoyed with an absence of response from the corporate, because it hasn’t despatched out emails or texts concerning the scenario and was largely silent on social media till Wednesday, when it posted a Twitter thread.
In case you use your Seen username & password throughout a number of accounts, together with your financial institution/monetary accounts, we suggest updating your username/password with these companies. Reminder: Seen won’t ever name & ask in your password, secret questions or account PINs.
— Seen (@Seen) October 13, 2021
In each its assertion and on Twitter, the corporate recommends resetting your password if it’s one you’ve used for different companies. It’s good recommendation, however the firm has turned off its password reset system — it wasn’t out there yesterday, and as of Wednesday morning you’ll nonetheless get an error should you attempt to change your password.
Hackers entering into accounts utilizing passwords discovered elsewhere is quite common, that’s why everyone (together with Seen) says to make use of distinctive passwords for every service and to vary your passwords within the case of a breach. Safety consultants additionally suggest utilizing two-factor authentication, which may also help shield you even when your password fails (like in a scenario the place you’re not capable of change it). Seen, nevertheless, doesn’t help two-factor authentication, which signifies that its prospects are nonetheless probably open to those sorts of assaults.
Right here’s Seen’s full assertion.
Seen is conscious of a difficulty during which some member accounts had been accessed and/or charged with out their authorization. As quickly as we had been made conscious of the problem, we instantly initiated a evaluation and began deploying instruments to mitigate the problem and allow extra controls to additional shield our prospects.
Our investigation signifies that menace actors had been capable of entry username/passwords from outdoors sources, and exploit that info to login to Seen accounts. In case you use your Seen username and password throughout a number of accounts, together with your financial institution or different monetary accounts, we suggest updating your username/password with these companies.
Defending buyer info — together with securing buyer accounts — is critically essential to our firm and our prospects. As a reminder, our firm won’t ever name and ask in your password, secret questions or account PINs. In case you really feel your account has been compromised, please attain out to us by way of chat at visible.com.