Verizon Alerts Prepaid Customers to Recent Security Breach

Around 250 Verizon prepaid accounts were compromised.

David Anders Senior Writer
David Anders is a senior writer for CNET covering broadband providers, smart home devices and security products. Prior to joining CNET, David built his industry expertise writing for the broadband marketplace Allconnect. In his 5 plus years covering broadband, David's work has been referenced by a variety of sources including ArcGIS, DIRECTV and more. David is from and currently resides in the Charlotte area with his wife, son and two cats.
Expertise Broadband providers, Home internet, Security Cameras
David Anders
2 min read
Verizon logo
Sarah Tew/CNET

Verizon notified prepaid customers this week of a recent cyberattack that granted third-party actors access to their accounts, as reported earlier Tuesday by BleepingComputer. The attack occurred between Oct. 6 and Oct. 10 and affected 250 Verizon prepaid customers.

"We recently identified possible unauthorized activity involving about 250 prepaid wireless accounts. We secured these accounts and put in place additional measures to protect our customers from further unauthorized access or fraud," Verizon said in a statement. "Verizon has notified the impacted customers and advised on additional steps the customers can take to enhance their account security."

The breach exposed the last four digits of customers' credit cards used to make payments on their prepaid accounts. While no full credit card information was accessible, the information was enough to grant the attackers access to Verizon user accounts, which hold semi-sensitive data such "name, telephone number, billing address, price plans, and other service-related information," per a notice from Verizon.

Account access also potentially enabled attackers to process unauthorized SIM card changes on prepaid lines. Also known as SIM swapping, unauthorized SIM card changes can allow for the transfer of an unsuspecting person's phone number to another phone. 

From there, the counterfeit phone can be used to receive SMS messages for password resets and user identification verifications on other accounts, giving attackers potential access to any account they have, or can guess, the username for. Consequently, Verizon recommended affected customers secure their non-Verizon accounts such as social media, financial, email and other accounts that allow for password resets by phone.

In Verizon's notice, the mobile giant reassured customers that if an unauthorized SIM card change did occur, it has since been reversed. Additionally, Verizon reset the Account Security Code (PIN) of affected customers. Verizon also encouraged customers to create a new PIN code and set a new password and security question.

If you suspect your Verizon prepaid account information may have been compromised, call Verizon at 877-350-7901 for further assistance.