Synverses, a telecommunications company that helps carriers like Verizon, T-Mobile and AT&T route messages between themselves and other carriers overseas, revealed last week that it was the subject of a possible five-year hacking. If the name Synverses sounds familiar to you, the company is also responsible for the disappearance of a series of Valentine’s Day text messages in 2019.
The hack in question was brought to light in a Securities and Exchange Commission Synverse file released last week. In it, Syniverse shares that in May 2021, it “became aware of unauthorized access to its operational and IT systems by an unknown person or organization.” The company performed due diligence by notifying law enforcement and conducting an internal investigation, which found that the security breach began in May 2016. This represents five years of access ( possibly) without hindrance.
Hackers “have repeatedly obtained unauthorized access to databases on its network, and this login credentials for accessing or from its electronic data transfer (EDT) environment have been compromised for approximately 235 of its customers “, indicates the file. This could include access to call records and metadata such as phone numbers, locations and text message content, depending on Motherboard’s sources.
Synverse’s SEC file says the company notified everyone involved in the breach and the reset credentials were appropriate. In addition, “Syniverse has observed no evidence of intent to disrupt its operations or those of its customers and there has been no attempt to monetize unauthorized activity,” the file said. Verizon, AT&T and Syniverse did not immediately respond to a request for comment from The edge, while T-Mobile referred the questions to CTIA. T-Mobile said Ars Technica that he was “aware of a security incident” with Syniverse but that there is “no indication that the personal information, details of call records or the content of text messages from T- customers Mobile were affected “.
Synverse’s security flaw was exposed as the company tried to go public through a merger with a Special Purpose Acquisition Company (SPAC), but it appears to be a target in the first place due to the size of the company. Syniverse has spent the last decade becoming a quasi-custodian for several US operators through acquisitions, The edge‘s earlier report found. Size matters in business, but like the SolarWinds hack, it matters even more when something goes wrong.
- Largest mobile SMS routing company reveals five-year breach
- Large SMS routing company admits it was hacked for five years
- South Korean telecom company KT suffers nationwide outage after routing error
- MyRepublic Discloses Data Breach Exposing Government ID Cards
- T-Mobile data breach puts 48 million people at serious risk of identity theft [updated]