Syniverse, the targeted telecom firm, works with carriers like T-Mobile, Verizon, Twilio, and AT&T in routing SMS text messages exchanged between them and carriers abroad.
Syniverse, the well-known telecom giant, revealed to the Securities and Exchange Commission that hackers infiltrated its systems for more than five years. As a result, millions of cellphone users’ data and billions of text messages were exposed.
For your information, Syniverse works with carriers like T-Mobile, Verizon, and AT&T in routing messages exchanged between them and carriers abroad. According to the company’s website, it processes more than 740 billion messages per year.
The same company made headlines for the disappearance of Valentine’s Day text messages back in 2019.
About the Hack
According to the filing from the Securities and Exchange Commission published last week, in May 2021, the company learned about unauthorized access to its “operational and information technology systems by an unknown individual or organization…. allowing access to or from its Electronic Data Transfer (EDT) environment.”
Syniverse notified law enforcement and initiated an internal investigation that led to the discovery that the data breach actually started in May 2016. This indicates hackers could be accessing the company’s data for so many years.
The data breach has come to light at a time when Syniverse is preparing to go public after its merger with M3-Brigade Acquisition II Corp- a special purpose acquisition entity. The company has not released any statement about the long-term data breach as yet.
However, it did state that login data for 235 of its clients was compromised in the breach. The company has also notified the affected clients, but none of the carriers have responded to the news apart from T-Mobile that told Ars Technica they are aware of the data breach.
“We are aware of a security incident involving one of third-party vendors, Syniverse however, we have no indication that any personal information, call record details or text message content of T-Mobile customers were impacted,” T-Mobile said in a statement.
A Serious Threat
According to security researcher Karsten Nohl, Syniverse systems have direct access to text messages/phone call records of its users and clients and indirect access to a broad range of internet accounts “protected with SMS 2-Factor authentication.”
Therefore, if someone has access to such crucial data, it will become easier for them to access Microsoft, Google, Facebook, Twitter, Amazon, and all kinds of accounts at once.