SMS Routing Firm Discloses Five Year Long Breach

Syniverse, a service provider for most telecommunications companies, disclosed that hackers had access to its databases over the past five years and compromised login credentials belonging to hundreds of customers. Self-described as “the world’s most connected company,” Syniverse provides text messaging routing services to over 300 mobile operators, among them Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica, and China Mobile. Syniverse is so big that it brags about having as its customers “nearly every mobile communications provider, the largest global banks, the world’s biggest tech companies.”

In a filing on September 27 with the U.S. Securities and Exchange Commission (SEC), spotted by Motherboard journalist Lorenzo Franceschi-Bicchierai, Syniverse disclosed that an unauthorized party had accessed databases on its network on several occasions. When the company became aware of the intrusions in May 2021, an internal investigation began to determine the extent of the hack. “The results of the investigation revealed that the unauthorized access began in May 2016,” the company reveals in the SEC filing.

For five years, attackers maintained access to Syniverse internal databases and compromised the login data for the Electronic Data Transfer (EDT) environment belonging to about 235 customers. The company notes that its investigation did not reveal intent to disrupt operations or to monetize the intrusion. Although the investigation did not find any evidence of it, the company does not exclude the possibility of data exfiltration, which could impact its business, employees, customers, suppliers, and vendors, and could also lead to a future cyber-attack.

Given Syniverse's role as an intermediary between mobile carriers, it is easy to infer the type of data the hackers could access by breaching it: at least details about the source, destination, timestamps, general location, and possibly the content of the text messages.

Analyst Notes

With attackers possibly monitoring and exfiltrating SMS messages for years, the potential for stolen login and personal data is huge. All users should be prepared for increased phishing activity across a multitude of platforms. Users are also advised to change all login credentials to new, complex passwords that are unique to each login.