Synverse, a service provider for most carriers, has revealed that hackers have gained access to its databases for the past five years and compromised login credentials belonging to hundreds of customers.
Describing itself as “the most connected company in the world”, Syniverse provides text messaging routing services to more than 300 mobile operators, including Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica and China Mobile.
Synverse is so big that it boasts of having “almost every mobile communications provider, the world’s biggest banks, the world’s biggest technology companies” as its customers.
Violation followed until May 2016
In a Sept. 27 filing with the U.S. Securities and Exchange Commission (SEC) spotted by Motherboard reporter Lorenzo Franceschi-Bicchierai, Syniverse revealed that an unauthorized party had repeatedly accessed the databases of its network.
When the company became aware of the intrusions in May 2021, an internal investigation began to determine the extent of the hack.
“The results of the investigation revealed that the unauthorized access began in May 2016,” the company reveals in the SEC filing.
For five years, hackers maintained access to Syniverse’s internal databases and compromised electronic data transfer environment (EDT) connection data belonging to approximately 235 customers.
Huge node for mobile communications
The company notes that its investigation revealed no intention to disrupt operations or monetize the intrusion.
Even though the investigation found no evidence, the company does not rule out the possibility of data exfiltration, which could impact its business, employees, customers, suppliers and vendors, and could also lead to a future cyberattack.
From its role as an intermediary between mobile operators, it is easy to deduce the type of data that hackers could access by breaking Syniverse: at least details about the source, destination, timestamps, general location and possibly the content of text messages.
According to the company, its infrastructure processes more than 740 billion messages each year, enabling interconnectivity between mobile network operators and giving them “unparalleled visibility into all messages arriving on your network.”
Syniverse describes itself as “the most connected company in the world” with a “secure global network [that] reaches almost every person and device on Earth.
Given the role Syniverse plays in mobile communications around the world and the wealth of sensitive information it must protect, the details of the breach and the intruder’s objective are likely to be subject to scrutiny. further scrutiny by regulators at the national level.
- Text message routing company suffered five-year breach
- Large SMS routing company admits it was hacked for five years
- New SMS smishing malware targets Android mobile users
- T-Mobile data breach puts 48 million people at serious risk of identity theft [updated]
- Hacker Claims Responsibility for T-Mobile Breach in WSJ Interview, Says Carrier Has ‘Horrible’ Security