Verizon has been notifying prepaid service customers that an unauthorized threat actor managed to gain access to some accounts. According to Verizon, “we determined that between October 6 and October 10, 2022, a third-party actor accessed the last four digits of the credit card used to make automatic payments on your account.” By using the last four digits of the credit card numbers, the threat actor was able to access accounts and make SIM card changes in what is known as a SIM swapping attack. SIM swapping is when an attacker changes the SIM card information to take control of the victim’s phone number. By doing so, they can then use other breach data and attempt to log into third-party accounts. With access to the phone, they will receive the Multi-Factor Authentication codes that are sent via SMS upon login. Verizon has since notified affected customers and switched back all the SIM card changes the threat actors made.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in