Sprint-owned virtual mobile network operator Boost Mobile quietly informed customers that it suffered a data breach that allowed hackers to access some user accounts. In a notice posted on the Boost Mobile website, the company said a previously undisclosed breach occurred on March 14th, 2019 and resulted in a number of customer phone numbers and PIN codes being exposed.
Boost Mobile did not say how many people were affected by the breach. Engadget reached out to Sprint for additional information and will update this story if we hear back. As noted by TechCrunch, Boost Mobile notified California's attorney general of the breach, an action that is required if more than 500 people in the state are affected by a security incident.
Details as to how a hacker apparently accessed the customer data was not provided by Boost. However, the company said the stolen information was used to login to user accounts through Boost's website. Once in a customer's account, the attacker could change settings. In response to the breach, Boost has provided affected customers with a temporary PIN sent via text that they can use to access their account. The breach comes less than a year after security researchers discovered a set of logins that made it possible to access limited sets of data belonging to Boost and Virgin Mobile customers.