Update icon

Visible Security Update

Earlier today, Visible shared a few tweets with updates on the security issue I posted about yesterday. Here’s the important bit:

Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts.

Taking Visible at face value, it looks like the attacker is exploiting information leaked in an unrelated data breach.1 Consequently, I’m not sure it’s entirely accurate to say Visible was hacked.2

I’m not sure what end game the attacker has planned. It sounds like many people are seeing fraudulent phone orders charged to the billing information on file in compromised accounts. Even if the fraudulent orders are fulfilled, it should be easy for Visible to track down the culprit. After all, the company knows where each phone is sent. Maybe I’m missing something.

Spitballing, I came up with a few possibilities:

  • Fraudulent orders could be a red herring to distract from the attacker’s real goal.
  • Multiple attackers could be working independently with the same compromised data.
  • An attacker could compromise numerous accounts and send phones to a large number of addresses. If only a small portion of the addresses were under the attacker’s control, it would be difficult and expensive for Visible to track down the attacker.

I don’t find any of these possibilities particularly likely. It’ll be interesting to see how this plays out.

Image conveying the idea of security

Security Issues At Visible

Visible, Verizon’s flanker brand, recently underwent some kind of security issue. Over the last day or two, subscribers have been posting in Visible’s Reddit community reporting hacked accounts, fraudulent orders, and loss of account access.

A Visible staff member shared the following update on Reddit:

We’re currently investigating an incident where information on a small number of member accounts was changed without their authorization. We’re working hard to take protective steps to secure these accounts.

We don’t believe that any Visible systems have been breached or compromised, nor that this unauthorized access to your Visible account is ongoing. However, for your protection, we recommend you review your account contact information and change your password and security questions to your Visible account. We also recommend that you review any other accounts that share the same email, login, or password, and make any changes you determine necessary to secure those accounts.

I’m unsure what’s meant by “a small number of member accounts”, but the volume of Reddit posts reporting issues suggests the issue is far from trivial. Adding insult to injury, it looks like Visible’s password reset feature has failed to function properly for many users trying to secure their accounts.

Megaphone cartoon

MobileX Announces Partnership With Verizon

For over a year, Peter Adderton, the founder of Boost Mobile, has been dropping hints about MobileX, a new cellular carrier he’s starting. Adderton has suggested MobileX will take a novel and consumer-friendly approach, but details about MobileX’s plans have been sparse until today.

This morning, Mobile X Global announced that its U.S. brand, MobileX, is partnering with Verizon. The partnership will allow MobileX to take advantage of Verizon’s Network as a Service platform. I don’t know much about the ins and outs of Verizon’s platform, but it will allow MobileX to offer service over Verizon’s network and potentially deliver features that conventional MVNOs cannot.

MobileX’s Ambitions

According to today’s press release, MobileX is aiming to launch in the U.S. in early 2022. The release also noted Mobile X Global’s goal of eventually offering a seamless user experience across countries:

[The Mobile X Global platform] will allow customers to seamlessly switch across global networks, with one number and one service that extends beyond borders.

Adderton was quoted stressing the unique and highly customizable nature of the MobileX platform:

Mobile X Global will deliver an incredibly intuitive, easy-to-use and real-time proprietary platform that truly puts the power in the hands of the consumer. Now they can choose what they want, when they want, and only pay for what they need. The innovations in our cloud-based platform enable unprecedented levels of customization and flexibility.

I’m not sure what MobileX’s offerings will look like. Last year, I shared a bit of speculation, largely based on mockup images. I’m hoping we’ll see MobileX bring unique approaches to pricing, network switching, and user control of service quality. I suspect more details will come to light over the next few months.