If you signed up for Boom Mobile between 9/30/20 and 10/5/20 or made any other purchase on the site between those dates with manual credit card entry, it's time for you to get a new credit card. A portion of Boom Mobile's website had been infected with malware during that time frame.
Ars Technica first reported on the incident giving a detailed explanation as to how the malware was stealing customer data. Basically, anyone manually entering credit card data into the site during that time had their data siphoned off to another server under the control of a criminal hacking group. A Boom Mobile representative confirmed the incident in a Howard Forums thread and stated the website has since been cleaned up. Customers who had autopay enabled on their accounts should not have been affected by the attack. The full statement from the rep follows:
"Boom MOBILE deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation. We have found that the malware was located only on our shopping cart at boom.us and not on any of our other sites such as myaccount.boom.us which is used by customers to manage their billing. We encourage customers who may have made a purchase from www.boom.us between 9/30/20 – 10/5/20 to take the necessary precautions with their credit card company. This incident did not compromise any boom MOBILE accounts, saved payment or autopay details. Our saved payment/autopay system does not store any bank information and was verified to be safe. The credit card processor provides us with a secure token than can only be used by boom! MOBILE from our secure server. We are committed to protecting your data & privacy. We are PCI compliant and do not store financial data on our servers. Our shopping cart provider has ensured us our site is safe and the malware has been removed."
Although no other Boom Mobile customer account data seems to have been compromised, if you are a current Boom subscriber you may still want to consider changing your account password.