Lorenzo Franceschi-Bicchierai, reporting for Motherboard:
A company that is a critical part of the global telecommunications
infrastructure used by AT&T, T-Mobile, Verizon and several others
around the world such as Vodafone and China Mobile, quietly
disclosed that hackers were inside its systems for years,
impacting more than 200 of its clients and potentially millions of
cellphone users worldwide.
The company, Syniverse, revealed in a filing dated September 27
with the U.S. Security and Exchange Commission that an
unknown “individual or organization gained unauthorized access to
databases within its network on several occasions, and that login
information allowing access to or from its Electronic Data
Transfer (EDT) environment was compromised for approximately 235
of its customers.”
For a moment I thought, 235 customers — that’s not too bad. Then I realized that Syniverse’s “customers” are entire carriers, not individual people. So, yeah, this is bad.
Syniverse repeatedly declined to answer specific questions from
Motherboard about the scale of the breach and what specific data
was affected, but according to a person who works at a telephone
carrier, whoever hacked Syniverse could have had access to
metadata such as length and cost, caller and receiver’s numbers,
the location of the parties in the call, as well as the content of
SMS text messages. […]
The company wrote that it discovered the breach in May 2021, but
that the hack began in May of 2016.
Not what you want.
★ Monday, 4 October 2021