from the whoops-a-daisy dept
Wireless subscribers of Verizon’s Visible pay-as-you-go service received a rude awakening after hackers compromised their accounts, then ordered expensive new iPhones on their dime. Last week a company statement indicated that “threat actors were able to access username/passwords from outside sources,” then make use of that access to log in to Visible customer accounts. Hacked users say the attackers then used that access to order expensive equipment, and, initially, getting Visible to do anything about it was a problem:
Nice, somebody hacked my @seen account, bought iPhone using my PayPal, and changed the password. @visiblecare is not responding. Scammer also tricked me with email spams in order to make me miss any email notifications from Visible.
— Kristian Kim (@kristiankim) October 13, 2021
The company appeared to initially claim this was an instance of “credential stuffing,” or hackers acquiring login information obtained from other hacks or breaches of other services, then testing those logins in as many services as they can find. But experts doubted that claim, noting that the company had been complaining about issues with its chat services before acknowledging the hack. More specifically, Visible support reps were telling users that ambiguous “technical issues” had left it incapable of making any changes to customer accounts.
There are also questions about when the company knew about the hacks, with it initially attempting to claim last week that the hack and subsequent iPhone orders were an odd system error:
Though Visible made a public statement yesterday, the company first acknowledged the issue on Twitter on October 8. At the time, Visible offered a vague reason: order confirmation emails erroneously sent out by the company.
“We’re sorry for any confusion this may have caused! There was an error where this email was sent to members, please disregard it,” the company told a customer.
Again, this is where just a basic, internet-era privacy law requiring greater transparency (and perhaps a little more accountability for industries and executives that not only keep failing to secure user data, but clearly aren’t great about being honest with their users) would come in kind of handy. Instead we keep just looking at the problem and shrugging because purportedly drafting competent privacy laws with any competency is deemed impossible, letting the repercussions pile up.