Visible, a budget cellular carrier owned by Verizon, has confirmed that hackers accessed and charged user accounts.
The incident, first reported by The Verge, came to light earlier this week after Visible customers took to social media to report that their accounts had been hijacked. Some reported that their email address and password had been changed, and many said that unwanted charges had been made through their Visible accounts.
One customer wrote in the Visible subreddit that their account was hacked and an iPhone bought with that user’s connected PayPal account. Another said they had three iPhones ordered within 24 hours in their name. “Each time a different shipping/billing address,” they said.
While Visible initially remained silent on the issue, the company on Wednesday confirmed on Twitter that “threat actors were able to access username/passwords from outside sources, and exploit that information to log in to Visible accounts.” This, along with a follow-up tweet advising users not to re-use passwords across multiple accounts, suggests those affected were likely victims of a large-scale credential stuffing attack, whereby stolen account credentials, typically consisting of lists of usernames and/or email addresses and corresponding passwords, are used to gain unauthorized access to accounts using automated login requests.
However, although this suggests that Visible itself wasn’t breached, many customers have highlighted the carrier’s lack of two-factor authentication (2FA) support, which may have prevented the hijacking of accounts.
TechCrunch has asked Visible whether it has plans to enable 2FA, but the company has yet to respond. The carrier has not yet said how many users are affected.
We're aware of an issue in which some member accounts were accessed and/or charged without their authorization. As soon as we were made aware of the issue, we initiated a review & deployed tools to mitigate the issue, enabling additional controls to further protect our members.🧵
Techcrunch eventJoin 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
San Francisco | October 27-29, 2025— Visible (@Visible) October 13, 2021
In a statement given to The Verge, the company said: “Visible is aware of an issue in which some member accounts were accessed and/or charged without their authorization. As soon as we were made aware of the issue, we immediately initiated a review and started deploying tools to mitigate the issue and enable additional controls to further protect our customers.
“Protecting customer information — including securing customer accounts — is critically important to our company and our customers. As a reminder, our company will never call and ask for your password, secret questions or account PINs. If you feel your account has been compromised, please reach out to us via chat at visible.com.”
Per the Visible subreddit, the company has also told customers that, moving forward, “any purchases will require you to re-validate your payment information as an added security measure.” The company is also advising users to reset their passwords, particularly if it’s one that’s used for multiple services.
T-Mobile confirms it was hacked after customer data posted online
