
If you know the PUK you can easily port out the number or obtain a new SIM card with the number and put it in your own burner phone.



Thanks. But to "easily port out the new number", how is that done using the PUK?


It's exactly (afaik?) what it's for - you want to transfer your number to a different network, you have to request the PUK from the old one and give it to the new one.

So if I know yours (and your number) I can transfer it to a different network, registered to an account in my control.


PUK is Pin Unlocking Key - it's a burned-in passcode on your SIM card that can be used to unlock it should you enter your PIN incorrectly too many times.


I thought PUK was for (un)locking the SIM to manage its usability, not for porting a number out of a carrier? Never heard of them being related before... I thought they're different things entirely?


I see. I've changed carriers before but this is something they've managed. Maybe it's different in Australia.


That's the PAC, not the PUK.

PUK: Personal Unblocking Key

PAC: Porting Authorisation Code

PUKs are an 8-digit code burnt on the SIM at manufacture (or whenever the network personalises them), don't change, are not checked by the network; it "just" allows you to reset the SIM PIN after entering it wrong 3 times. At least here in the UK it's normally printed on the full-size card of the Combi SIM you punch your desired SIM out of.

Not a lot of people I come across use SIM PINs any more, but they help prevent someone taking the SIM out of your phone, placing it in another and authing to the cell network "as you" to be able to make/receive calls/SMS. A PUK is only "good" for as long as it takes for the orig owner of the SIM to report their phone lost/stolen (A PUK will unlock a PIN-blocked SIM even if it's deactivated because it happens before the SIM exchanges any data with the network, but if the SIM is won't any any difference and honestly, I don't come across many PIN-protected SIMs even from techies in my social group).

PACs are codes generated by the network at time of request (here in the UK you can get one simply by SMS'ing PAC to 65075), they are valid for 30 days and are what you would give to a new network to port your number to them. However, they are not the best method of attack IMO. They will still alert the customer that a PAC has been issued (when I last asked for one I did so online and they still SMS'ed me the code, so the orig owner can be alerted). Here in the UK it takes at least 6 hours to port a number, but personally I've found it to be closer to 24 hours as long as the request is made Monday-Thursday (they don't process them over the weekends).

If you are in physical possession of the SIM to ask for a PAC via SMS/phone in order to do a 2FA SMS attack, you might as well do the 2FA SMS there and then and save waiting around for the number to port to a new network's SIM. If you are not in possession of the SIM and you are doing a social engineering attack, it's much quicker to walk into a store of the network's and get a "replacement SIM" on the same network, as you can walk out of the store with the SIM activated and the original one deactivated.

Stores should be validating IDs for instant in-person replacement SIMs but often they do not. Heck, the last time I changed my phone in person (I buy my phone outright and have a SIM-only plan) just the fact that I dropped the cash on a brand new phone was enough for them to issue me a new SIM, but in the process they had reset the adult content block on the account and I had to show ID to prove I was over 18 (I'm clearly over 18 :-P) before they would remove the block. (Got new phone, they activated my new SIM, I left the store with a new phone, went around the corner to a bar to set it up over a pint, found the content block, finished my pint and went back to the store to get them to unblock it. It only then dawned on me that they just gave someone access to my phone number (granted, it was me they gave the access to) with no checks, but wanted ID to disable the adult content block...)


Ah, thanks for the correction!

> here in the UK you can get one simply by sms'ing PAC to 65075

I did not know that, thanks! Will try not to forget for whenever I need it..


That's the PAC (Porting Authorisation Code). Not the PUK (Personal Unblocking Key).


I have recently ported a number of rare/hard to acquire DIDs from cellular carriers to wholesale SIP trunking providers, and did need the PUK in order to sign in to the cellular carrier's website to make an account, fill out my information and get the documentation to submit for the port.



