Phone Retailer Boost Mobile Announces a Data Breach Two Months After It Happened

Boost Mobile Data Breach

The Boost Mobile brand was brought to the US nearly eighteen years ago. Since then, the phone retailer and telecommunication service provider has invested enormous sums of money into marketing efforts, and it now bills itself as the company that provides "the best unlimited plans with no annual service contracts." It's difficult to say how many people are using Boost Mobile's services, but it's fair to say that the number probably isn't insignificant. These people might not be very happy to learn that Boost Mobile suffered a cyberattack recently. They will probably be even more upset about the way the company reported the incident.

Boost Mobile got hit by hackers

According to a notification posted last week, on March 14, Boost Mobile's IT people noticed unusual activity on the company website. After a brief investigation, they found out that hackers were using phone numbers and PIN codes to gain unauthorized access to unsuspecting customers' accounts. Once in, the crooks had the chance to get to some personal information as well as change users' plan and accounts settings.

As soon as they discovered the attack, Boost Mobile's IT specialists implemented a "permanent solution". Users have received a text message with a temporary PIN code and a link through which they can reset it. Although the nature of the exposed information was not disclosed, the notice was furnished with a generic-looking list of steps that you need to take if you suspect that you've been a victim of identity theft.

More than a few questions are left unanswered

The more observant among you have probably noticed that the incident took place a little over two months ago, and yet the data breach notification was posted last week. This is not that uncommon. In fact, sometimes, data breaches remain unreported for months or even years simply because the targeted companies don't know about them. With Boost Mobile, however, things are a bit different. Its IT team noticed the attack as it was happening, and they apparently fixed it immediately. In light of this, it becomes rather interesting to learn why it took the telecom provider close to two months to issue an official notice.

Speaking of the official notice, given that they had so much time to prepare it, some of the obvious errors in it seem rather peculiar. It says, for example, that the unauthorized access activity was observed on "Boost.com". Boost.com is the website of a Nestlé -owned brand of nutritional drinks which has nothing to do with Boost Mobile. The people writing the notice probably meant Boostmobile.com.

This is the least of the statement's problems, though. For one, it gives us no clue as to how many users are affected. The fact that the data breach notice was also filed with the State of California suggests that no fewer than 500 residents of The Golden State might have had their accounts exposed, but that's about as much as we know.

Boost Mobile's team also said that the unauthorized access was enabled by correct phone number and PIN code combinations, but they failed to say how the hackers got their hands on the credentials. Did they guess them? Did they phish them? Or was Boost Mobile's security breached? The answers are nowhere to be seen. We have no way of knowing how "permanent" the "permanent solution" is, either, because we have no idea what the provider did exactly.

This is not the first time we've seen a company struggling with the matter of reporting a data breach. The notices of even the biggest names in the technology industry like Amazon aren't always as informative as they should be which does suggest that we might need some standardization and even regulation around data breach reporting. Sadly, this is a somewhat Utopian goal that, as things stand, is unlikely to be achieved anytime soon. That's why, when you're faced with breach notices such as the one we described above, you have little other choices than to carefully consider the information you're given and act accordingly. Now, go and change your Boost Mobile PIN code if you haven't already.

By Duran
May 16, 2019
News
English
May 16, 2019
News

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Password Security

Is There Any Difference Between a Data Hack and a Data Breach?

You've heard of data breaches and data hacks. It's been all over the news in recent years with journalists using the words interchangeably, but are they the same? There are similarities to be sure, but they're not the... Read more

June 28, 2018
News

Passwords, Addresses, and Payment Card Data Were Leaked During a Vision Direct Data Breach

Vision Direct, a large, multi-national online retailer of contact lenses, glasses, and other eyecare products recently suffered a data breach which exposed the personal information of some of its customers. This type... Read more

November 21, 2018
News

Dixons Carphone Data Breach: What to Do If You Are Affected

Dixons Carphone has become the victim of an immense data breach, which exposed 5.9 million credit and debit cards over 1 million of their customers' private files. The breach reportedly began July 2017 and an... Read more

July 13, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.