I’m not sure what end game the attacker has planned. It sounds like many people are seeing fraudulent phone orders charged to the billing information on file in compromised accounts. Even if the fraudulent orders are fulfilled, it should be easy for Visible to track down the culprit. After all, the company knows where each phone is sent. Maybe I’m missing something.
Spitballing, I came up with a few possibilities:
- Fraudulent orders could be a red herring to distract from the attacker’s real goal.
- Multiple attackers could be working independently with the same compromised data.
- An attacker could compromise numerous accounts and send phones to a large number of addresses. If only a small portion of the addresses were under the attacker’s control, it would be difficult and expensive for Visible to track down the attacker.
I don’t find any of these possibilities particularly likely. It’ll be interesting to see how this plays out.