Boost Mobile says hackers broke into customer accounts

Boost Mobile, a virtual mobile network owned by Sprint, has confirmed hackers have broken into an unknown number of customer accounts.

The company quietly posted a notification of its data breach almost exactly two months after March 14 when Boost said the breach happened.

“Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” said the notification. “The Boost Mobile fraud team discovered the incident and was able to implement a permanent solution to prevent similar unauthorized account activity.”

It’s not known exactly how the hackers obtained customer PINs — or how many Boost customers are affected. The company also notified the California attorney general, which companies are required to do if more than 500 people in the state are affected by the same security incident.

Boost Mobile reportedly had 15 million customers in 2018.

The hackers used those phone numbers and account PINs to break into customer accounts using the company’s website Boost.com, said the notification. These codes can be used to alter account settings. Hackers can automate account logins using lists of exposed usernames and passwords — or in this case phone numbers and PIN codes —in what’s known as a credential stuffing attack.

Boost said it has sent a text to affected customers with a temporary PIN.

A spokesperson for Sprint did not immediately comment. We’ll have more when we get it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s