Hacked Order Page At Boom! Mobile

The mobile virtual network operator (MVNO) Boom! Mobile was recently hacked. Ars Technica has a good article covering the incident.

A bit of malicious code was inserted in the checkout section of Boom’s website. Hackers used the code to skim payment information and credit card numbers from Boom’s customers. It looks like the malicious code was active for at least a few hours, possibly longer.

Boom’s website was running an outdated version of PHP. At this time, I don’t know what vulnerability the hackers took advantage of. I’m also unsure if this was an isolated incident or if Boom was affected by other security breaches.

I’m not sure Boom should have been handling its own payment processing. The carrier may have violated PCI DSS rules.


Update: A representative from Boom posted the following on Howard Forums:

Hey guys,

Thanks for checking in.

boom MOBILE deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation. We have found that the malware was located only on our shopping cart at boom.us and not on any of our other sites such as myaccount.boom.us which is used by customers to manage their billing. We encourage customers who may have made a purchase from www.boom.us between 9/30/20 – 10/5/20 to take the necessary precautions with their credit card company. This incident did not compromise any boom MOBILE accounts, saved payment or autopay details. Our saved payment/autopay system does not store any bank information and was verified to be safe. The credit card processor provides us with a secure token that can only be used by boom! MOBILE from our secure server. We are committed to protecting your data & privacy. We are PCI compliant and do not store financial data on our servers. Our shopping cart provider has ensured us our site is safe and the malware has been removed.

BOOM! Mobile Launches T-Mobile Plans

The mobile virtual network operator BOOM! Mobile recently launched wireless plans that run over T-Mobile’s network. With this addition, BOOM! now offers three types of plans:

  • Boom! Red – service over Verizon’s network
  • Boom! Blue – service over AT&T’s network
  • Boom! Pink – service over T-Mobile’s network

Many of the Boom! Pink plans have the same allotments of minutes, texts, and data as well as the same price points as previously existing Boom! Red plans. Boom! Blue plans with allotments equivalent to those in Pink and Red plans are sometimes available, but they tend to have higher price points.

BOOM! Mobile is also offering several Boom! Pink plans that are unlike the company’s previous offerings. These plans each offer a certain number of Flex Points. Each point can be redeemed for either 1 minute of calling, 1 text message, or 1MB of data.

  • 450 Flex Points (7 Day Plan) – $5
  • 900 Flex Points (14 Day Plan) – $10
  • 3,000 Flex Points (Yearly Plan) – $60

My thoughts

It’s great to see BOOM! Mobile expanding its offerings. For most consumers, I think the Red plans will continue to be the best option since (a) they aren’t more expensive than the Pink plans and (b) they run over Verizon’s extensive network. I expect most consumers looking for coverage over T-Mobile’s network could find better deals with an alternative MVNO (e.g., Mint Mobile). Still, I’m glad to see BOOM! Mobile offering access to more networks. The new flex plans are particularly interesting. I’d love to see more carriers come out with plans that use similar structures.