Boost Mobile was hit with a breach that affected an unknown number of customer accounts.
“Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” the company said in a notification. “The Boost Mobile fraud team discovered the incident and was able to implement a permanent solution to prevent similar unauthorized account activity.”
The company said it notified those who were affected via text and sent them a new temporary PIN code for their account, along with a link to a site where they could change their PIN code and a contact number to call with questions.
Centripetal Vice President of Marketing Byron Rashed called the breach a classic example of a series of events that enables threat actors to infiltrate networks and exfiltrate customer data and/or PII.
“Usually, a compromised credential from a third-party breach starts the process,” Rashed said. “The threat actor can use various unsophisticated/sophisticated techniques to either obtain a password or crack a hashed password.”
Rashed went on to say that once the account is compromised, the threat actor can find a way into the network and access various databases. The best defense against these kinds of attacks is to use strong, unique passwords that contain nothing specific to the individual.