Five year-long breach disclosed by largest mobile SMS routing firm

Harshika Sofat

October 4, 2021

Syniverse, a telecom company that helps carriers like Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica, and China Mobile, route messages between each other and other carriers abroad, disclosed last week that it was the subject of a possible five-year-long hack. According to the company, its infrastructure processes more than 740 billion messages every year, enabling interconnectivity between mobile network operators and giving them unparalleled visibility into all messages hitting your network. Syniverse, a service provider for most telecommunications companies, disclosed that hackers had access to its databases over the past five years and compromised login credentials belonging to hundreds of customers. The company discovered in May 2021 that someone had "unauthorized access" to its operational and IT systems since May 2016, and during that time had "several" opportunities to access network databases. The intruders compromised logins for Syniverse's Electronic Data Transfer environment for about 235 carriers, according to the company. Syniverse’s SEC filing says the company notified anyone caught up in the breach, and reset credentials were appropriate. Additionally, Syniverse did not observe any evidence of intent to disrupt its operations or those of its customers and there was no attempt to monetize the unauthorized activity, the filing states. Even if the investigation did not reveal any evidence against the hackers, the company does not exclude the possibility of data exfiltration, which could impact its business, employees, customers, suppliers, and vendors, and could also lead to a future cyber-attack. Syniverse said it fixed the security flaws and notified all customers when legally required, but that no additional action was necessary at this stage.

Abridged fromBleeping COmputer