Boost Mobile was hit with a breach which affected an unknown number of customer accounts.

“ experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and PIN code,” the company said in a notification. “The Boost Mobile fraud team discovered the incident and was able to implement a permanent solution to prevent similar unauthorized account activity.”

The company said it notified those who were affected via text and sent them a new temporary PIN code for their account with a link to a site enabling them to change their PIN code and a contact number to call for questions.

Centripetal Vice President of Marketing Byron Rashed called the breach a classic example of a series of events that enables threat actors to infiltrate networks and exfiltrate customer data and/or PII.

"Usually, a compromised credential from a third-party breach starts the process,” Rashed said. “The threat actor can use various unsophisticated/sophisticated techniques to either obtain a password or crack a hashed password.”

Rashed went on to say that once the account is compromised, the threat actor can find a way into the network and access various databases. The best defense against these kinds of attacks is to use strong unique passwords without anything specific to the individual as noted.