Incident Details

Incident: Visible Accounts Hacked Due to Exploited Username/Passwords.

Published Date: 2021-10-13

Postmortem Analysis
Timeline	1. The software failure incident of Visible accounts being hacked happened this week [120041]. 2. The article was published on 2021-10-13. 3. Therefore, the software failure incident of Visible accounts being hacked occurred in October 2021.
System	1. Username/password authentication system 2. Visible accounts system 3. Visible app 4. Billing system 5. Tech support system 6. Customer information security system
Responsible Organization	1. Threat actors who accessed username/passwords from outside sources and exploited that information to login to Visible accounts [120041].
Impacted Organization	1. Some Visible customers [120041]
Software Causes	1. The software failure incident at Visible was caused by threat actors accessing username/passwords from outside sources and exploiting that information to login to Visible accounts [120041].
Non-software Causes	1. The breach occurred due to threat actors being able to access username/passwords from outside sources, indicating a potential issue with password security practices [120041].
Impacts	1. Some Visible customers had their accounts hacked, with account information changed and unauthorized purchases made using their payment information [120041]. 2. The breach resulted in customers' personal information being compromised, leading to potential financial losses and privacy concerns [120041]. 3. Visible customers may have experienced inconvenience and frustration due to the unauthorized access to their accounts and the need to update their login information [120041].
Preventions	1. Implementing multi-factor authentication (MFA) could have prevented the software failure incident by adding an extra layer of security beyond just usernames and passwords [120041]. 2. Regularly conducting security audits and vulnerability assessments to identify and address potential weaknesses in the system could have helped prevent unauthorized access to customer accounts [120041]. 3. Educating customers on the importance of using unique and strong passwords for different services to prevent the exploitation of login information obtained from outside sources [120041].
Fixes	1. Implementing multi-factor authentication to add an extra layer of security to user accounts [120041]. 2. Conducting regular security audits and vulnerability assessments to identify and address potential weaknesses in the system [120041]. 3. Enhancing user education on creating strong and unique passwords, as well as avoiding password reuse across multiple services [120041].
References	1. Visible customers on social media [Article 120041] 2. Verizon-owned prepaid carrier statement on Twitter [Article 120041]

Software Taxonomy of Faults

Category	Option	Rationale
Recurring	unknown	(a) The software failure incident having happened again at one_organization: The article does not mention any previous similar incidents happening again within the same organization. (b) The software failure incident having happened again at multiple_organization: The article does not mention any previous similar incidents happening again at other organizations.
Phase (Design/Operation)	design, operation	(a) The software failure incident in Article #120041 occurred due to contributing factors introduced by system development. The breach of Visible customers' accounts was attributed to threat actors accessing username/passwords from outside sources and exploiting that information to login to Visible accounts. This indicates a failure related to the design phase of the system development [120041]. (b) The software failure incident in Article #120041 also involved contributing factors introduced by the operation or misuse of the system. Customers reported that their accounts appeared to have been hacked, with account information changed and new phones ordered using their payment information. This suggests a failure related to the operation phase, where unauthorized access and misuse of the system led to the breach [120041].
Boundary (Internal/External)	within_system, outside_system	(a) within_system: The software failure incident reported in Article 120041 was within the system. The breach occurred due to threat actors being able to access username/passwords from outside sources and exploit that information to login to Visible accounts. This indicates that the failure originated from within the system's security vulnerabilities [120041]. (b) outside_system: The software failure incident was also influenced by factors outside the system, as the threat actors were able to access username/passwords from external sources. This external factor contributed to the breach of Visible customer accounts [120041].
Nature (Human/Non-human)	non-human_actions	(a) The software failure incident in Article 120041 occurred due to non-human actions. The breach of Visible customers' accounts was attributed to threat actors accessing username/passwords from outside sources and exploiting that information to login to Visible accounts. This indicates that the failure was a result of factors introduced without human participation [120041]. (b) The software failure incident in Article 120041 did not mention any contributing factors introduced by human actions.
Dimension (Hardware/Software)	software	(a) The software failure incident reported in Article 120041 was not attributed to hardware issues. Instead, the incident was related to a breach in customer accounts due to threat actors accessing username/passwords from outside sources and exploiting that information to login to Visible accounts. This indicates that the contributing factors that led to the failure originated in software, specifically in the security vulnerabilities that allowed unauthorized access to customer accounts [120041].
Objective (Malicious/Non-malicious)	malicious	(a) The software failure incident reported in Article 120041 is malicious in nature. The incident involved some Visible customers' accounts being hacked, with account information changed and unauthorized charges made using their payment information. The breach was attributed to threat actors who accessed username/passwords from outside sources and exploited that information to login to Visible accounts, indicating a deliberate intent to harm the system and compromise customer accounts [120041].
Intent (Poor/Accidental Decisions)	poor_decisions	The software failure incident reported in Article 120041 was related to a hack where some Visible customers' accounts were accessed and/or charged without their authorization. The breach occurred due to threat actors being able to access username/passwords from outside sources and exploit that information to login to Visible accounts. This indicates that the software failure incident was driven by poor decisions in terms of the security measures implemented by Visible, leading to unauthorized access to customer accounts [120041].
Capability (Incompetence/Accidental)	development_incompetence	(a) The software failure incident in Article 120041 was not explicitly attributed to development incompetence. However, the incident involved threat actors accessing username/passwords from outside sources and exploiting that information to login to Visible accounts. This could potentially be linked to a lack of professional competence in terms of ensuring robust security measures to protect customer information [120041]. (b) The software failure incident in Article 120041 was more aligned with an accidental failure. The breach occurred due to threat actors being able to access username/passwords from outside sources and exploit that information to login to Visible accounts. This indicates that the breach was not intentional but rather a result of external malicious actors taking advantage of vulnerabilities in the system [120041].
Duration	temporary	(a) The software failure incident in Article 120041 seems to be temporary. The incident involved some Visible customers reporting that their accounts appeared to have been hacked, with account information changed and unauthorized charges made. Visible confirmed that some customers' accounts were breached due to threat actors accessing username/passwords from outside sources and exploiting that information to login to Visible accounts. The company urged customers to update their login information and contact them if they believe their account has been compromised. This indicates that the failure was due to specific circumstances (hackers accessing login information) rather than a permanent issue affecting all accounts [120041].
Behaviour	value, other	(a) crash: The software failure incident in the article does not involve a crash where the system loses state and stops performing its intended functions [120041]. (b) omission: The incident does not involve the system omitting to perform its intended functions at an instance(s) [120041]. (c) timing: The failure is not related to the system performing its intended functions correctly but too late or too early [120041]. (d) value: The software failure incident is related to the system performing its intended functions incorrectly, as unauthorized access occurred, account information was changed, and unauthorized charges were made [120041]. (e) byzantine: The incident does not involve the system behaving erroneously with inconsistent responses and interactions [120041]. (f) other: The behavior of the software failure incident in the article is related to unauthorized access by threat actors who exploited username/passwords from outside sources to login to Visible accounts, leading to compromised accounts and unauthorized charges [120041].

IoT System Layer

Layer	Option	Rationale
Perception	None	None
Communication	None	None
Application	None	None

Other Details

Category	Option	Rationale
Consequence	property	(d) property: People's material goods, money, or data was impacted due to the software failure. Visible customers reported that their accounts appeared to have been hacked, with account information changed and in some cases new phones ordered using their payment information. The breach resulted in unauthorized access and charges on some member accounts [120041].
Domain	information	(a) The software failure incident reported in Article 120041 is related to the industry of information. Visible, a prepaid carrier, experienced a breach where some customers' accounts were hacked, with account information changed and unauthorized charges made [120041]. This incident highlights the importance of securing customer accounts and protecting sensitive information in the information industry.

Sources

Visible confirms some customer accounts were breached - CNET - Published on: 2021-10-13
Article ID: 120041

Back to List