Boost Mobile, a network owned by Sprint, has notified customers of a hacker attack that accessed an unknown number of accounts, according to a report. The company sent out a notification to its customers about the incident.
“On March 14, 2019, Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” the company said. “The Boost Mobile fraud team discovered the incident and was able to implement a permanent solution to prevent similar unauthorized account activity.”
The company did not explain how hackers gained access to customer PINs and did not specify many people were affected. Boost did notify the California attorney general, which is required by law if more than 500 people are affected by the same incident. The company reportedly had 15 million customers last year.
The hackers used the phone numbers and account PINs to break into customer accounts on the Boost website. A common hacking strategy, called a credential stuffing attack, is to automate the account logins using lists of exposed credentials. Boost said it sent affected customers a text with a new temporary pin.
“Boost Mobile sent you a text notifying you that a new temporary PIN code had been established for your account with a link to the Boost.com site so you could change your PIN code and a contact number to call if you had questions,” the company said. “If you have already changed your PIN code, there is no further action necessary. If you have not reset your PIN code, we recommend that you reset it now. As a reminder, we recommend that PIN codes such as 1234 or 1010 are to be avoided.”
The company apologized to its customers and offered tips on how to deal with fraud: “We apologize for the inconvenience that this may cause you. Please be assured that our customers’ privacy is important to us and we will continue to take measures to safeguard your account and personal information. Please contact Boost Mobile Customer Care at 1-866-402-7366 if you have any questions or concerns regarding this matter,” the company said.