Syniverse quietly admits it was hacked for five years

Softly, softly is often the best way to admit something’s gone epically wrong.

And so Syniverse, which routes hundreds of billions of text messages a year for hundreds of major carriers, has just quietly admitted that for five years a hacker had access to its databases.

The Florida-based company handles 740 billion text messages annually for carriers around the world including Vodafone, AT&T, T-Mobile, Verizon and China Mobile. Of the 100 largest carriers in the world, 95 – which also include América Móvil and China Unicom – are Syniverse customers.

Syniverse made the disclosure on page 69 of a lengthy September 27 filing with the US Securities and Exchange Commission (SEC). This May, said the company, it became aware that an “unknown individual or organization” had gained unauthorized access to its network “on several occasions,” beginning in May 2016. Log-in information “was compromised for approximately 235 of its customers,” says the company.

The impact may have been enormous: When Syniverse went down for a few seconds on February 14, 2019, more than 168,000 text messages were lost in transit until November.

Hackathon

Founded in 1987, Syniverse has eked out for itself a prominent position in stitching different mobile carriers’ networks together to transmit data from one to another. It’s unclear exactly what was compromised, which could have included either just metadata or the content of text messages too, including one-time passcodes to unlock two-factor-authentication-protected accounts.

To read the complete article, visit Light Reading.