Quite a few Visible wireless subscribers are reporting that their accounts have been hacked this week. Visible runs on Verizon’s 5G and 4G LTE networks and is owned by Verizon.
Suspicions of a data breach at Visible began Monday when some customers noticed unauthorized purchases on their accounts:
@Visible I was just hacked! They sent themselves a phone and changed my address! Urgent! How do I stop this!!!! HURRY!!
— Kelley (@ksmrz77) October 12, 2021
On the Visible subreddit, users reported seeing unauthorized orders placed from their accounts:
Great, someone hacked my @visible account, bought iPhone using my PayPal, and changed the password. @visiblecare isn’t responding. Scammer also tricked me with email spams in order to make me miss any email notifications from Visible.
— Kristian Kim (@kristiankim) October 13, 2021
Credential stuffing likely, company says
In an email sent to customers and posted publicly yesterday, Visible shared what it believes caused the hacks.
“We’ve learned of an incident wherein information on some member accounts was changed without their authorization. We’re taking protective steps to secure all impacted accounts and prevent any further unauthorized access,” said Visible in the announcement. “Our investigation indicates that threat actors were able to access username/passwords from outside sources and exploit that information to log in to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services.”
The company’s wording suggests that customer credentials were obtained from a third-party leak or breached database and then used to access customer accounts, a practice known as credential stuffing. The company advises customers to reset passwords and security information and will prompt users to re-validate payment information before further purchases can be made.
But an expert has cast doubt on the credential-stuffing theory, noting that Visible admitted in a tweet to “technical issues” with its chat platform this week, with the company briefly unable to make any changes to customer accounts. Visible has since deleted its tweet.
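The sequence described above (logins with credentials obtained elsewhere, then a password or address change and an order) leaves a recognizable trail in authentication logs. The following is an added example, not code from Visible or from this article: it flags accounts where a source that tried several different usernames got in and then performed sensitive actions. The log layout, event names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed layout): timestamp, source IP, account, event, outcome.
SAMPLE_LOG = """\
2021-10-12T09:00:01 203.0.113.7 alice login fail
2021-10-12T09:00:02 203.0.113.7 bob login fail
2021-10-12T09:00:03 203.0.113.7 carol login fail
2021-10-12T09:00:04 203.0.113.7 dave login ok
2021-10-12T09:01:10 203.0.113.7 dave password_change ok
2021-10-12T09:01:40 203.0.113.7 dave address_change ok
2021-10-12T09:02:05 203.0.113.7 dave order ok
2021-10-12T09:05:00 198.51.100.20 erin login fail
2021-10-12T09:05:20 198.51.100.20 erin login ok
2021-10-12T09:30:00 198.51.100.20 erin order ok
"""

SENSITIVE = {"password_change", "address_change", "order"}  # assumed event names

def parse(log):
    for line in log.splitlines():
        ts, ip, user, event, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, event, outcome

def find_takeovers(log, min_users=3, spray_window=timedelta(minutes=10),
                   followup=timedelta(minutes=15)):
    """Return {account: [sensitive events]} for accounts a multi-account source got into."""
    events = sorted(parse(log))
    attempts = defaultdict(list)   # ip -> [(ts, user)] for every login attempt
    for ts, ip, user, event, _ in events:
        if event == "login":
            attempts[ip].append((ts, user))
    compromised = {}               # (ip, user) -> time of the successful login
    for ts, ip, user, event, outcome in events:
        if event == "login" and outcome == "ok":
            # Distinct accounts this source tried in the window before the success.
            tried = {u for t, u in attempts[ip] if ts - spray_window <= t <= ts}
            if len(tried) >= min_users:
                compromised[(ip, user)] = ts
    findings = defaultdict(list)
    for ts, ip, user, event, outcome in events:
        start = compromised.get((ip, user))
        if start and event in SENSITIVE and outcome == "ok" and start <= ts <= start + followup:
            findings[user].append(event)
    return dict(findings)

if __name__ == "__main__":
    for account, actions in find_takeovers(SAMPLE_LOG).items():
        print(account, "->", ", ".join(actions))
```

A single user mistyping a password and then ordering, like the constructed `erin` entries, is not flagged because only one account was tried from that source.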
Did Visible know since last week?
Although Visible made a public statement yesterday, the company first acknowledged the issue on Twitter on October 8. At the time, Visible provided a vague reason: order confirmation emails erroneously sent out by the company.
“We’re sorry for any confusion this may have caused! There was an error where this email was sent to members, please disregard it,” the company told a customer.
One Visible customer reacted angrily to the delay, saying, “This response is totally irresponsible, given the fact that you are currently under attack and are aware of MANY users that have had their accounts compromised.”
Visible says customers will not be held liable for any unauthorized charges. “If there is a mistaken charge on your account, you will not be held accountable, and the charges will be reversed,” the company said.
Visible customers impacted by the incident should monitor for suspicious transactions and change their passwords, both on their Visible account and any other websites where they’ve used the same credentials.