Company That Routes Billions of Text Messages Quietly Says It Was Hacked

Lorenzo Franceschi-Bicchierai, reporting for Motherboard:

A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide.

The company, Syniverse, revealed in a filing dated September 27 with the U.S. Security and Exchange Commission that an unknown “individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”

For a moment I thought, 235 customers — that’s not too bad. Then I realized that Syniverse’s “customers” are entire carriers, not individual people. So, yeah, this is bad.

Syniverse repeatedly declined to answer specific questions from Motherboard about the scale of the breach and what specific data was affected, but according to a person who works at a telephone carrier, whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages. […]

The company wrote that it discovered the breach in May 2021, but that the hack began in May of 2016.

Not what you want.

Monday, 4 October 2021