BleepingComputer reports that Verizon has disclosed that some of its prepaid customers had their accounts accessed, with exposed credit card information later used in SIM swapping attacks.
Threat actors were able to infiltrate Verizon's system between Oct. 6 and Oct. 10 to obtain access to the last four digits of credit cards used for automated payments, which were then used to access Verizon accounts, according to Verizon, which noted that unauthorized SIM card changes processed by the attackers have already been reversed, while additional unauthorized access has already been blocked. Verizon has also performed Account Security Code resets for an undisclosed number of prepaid customers even though there has no longer been evidence suggesting ongoing malicious activity.
"We recently identified possible unauthorized activity involving about 250 prepaid wireless accounts. We secured these accounts and put in place additional measures to protect our customers from further unauthorized access or fraud," said a Verizon spokesperson, who added that affected customers have already been informed regarding necessary steps for improving account security.
Such postponement comes after Recall was subjected to several delays since June due to security concerns associated with the feature, which has since been allayed by Microsoft with its assurances of an opt-in experience, a completely encrypted database, and Windows Hello-based authentication.
Aside from enabling surveillance that curtails individuals' privacy rights, the UN cybercrime treaty — which has already been approved by the body's Ad Hoc Committee on Cybercrime — also requires the gathering and sharing of private internet user data with other countries that could legitimate authoritarian nations' partnerships.