Boom! Mobile

Boom! Mobile is a mobile virtual network operator with its headquarters located in the United States. As an MVNO, it delivers wireless voice, data and messaging services to customers by leveraging the network infrastructure of partner carriers. The company makes its service offerings available to consumers through an online e‑commerce platform. This platform allows users to select and purchase mobile plans directly via the web. By operating without owning physical radio towers, Boom! Mobile can focus on service provisioning and customer support.

In October 2020, Boom! Mobile’s e‑commerce platform was compromised by a MageCart attack carried out by the Fullz House group. The attackers injected a malicious script that was disguised as a Google Analytics tag into the checkout pages of the site. This script operated by monitoring changes to input fields as customers entered their payment card information. Captured card details were transmitted in real time to attacker‑controlled servers through encoded requests. In addition to the skimming functionality, the compromise redirected visitors to fraudulent payment pages before sending them back to the legitimate checkout flow. The redirection technique exposed users to both direct data theft and phishing‑style deception simultaneously. At the time of discovery, the malicious code had not been removed, allowing the breach to persist and affect ongoing transactions. Because the organization is headquartered in the United States, the incident involved a U.S.-based entity subject to domestic legal frameworks. Public security reporting describes the tactics used by the Fullz House group in this intrusion, confirming the attack vector and behavior. The available information does not include quantitative details on the number of affected customers or the volume of data exfiltrated. No further public updates regarding remediation steps or post‑incident improvements have been provided in the sources consulted.