Syniverse, a telecom firm that helps carriers like Verizon, T-Mobile, and AT&T route messages between one another and different carriers overseas, disclosed final week that it was the topic of a potential 5 yr lengthy hack. If the identify Syniverse sounds acquainted, the corporate was additionally accountable for the disappearance of a swath of Valentine’s Day textual content messages in 2019.
The hack in query was dropped at gentle in a Securities and Exchange Commission submitting Syniverse revealed final week. In it, Syniverse shares that in May 2021 it “turned conscious of unauthorized entry to its operational and knowledge know-how programs by an unknown particular person or group.” The firm did its due diligence notifying legislation enforcement and conducting an inner investigation, ensuing within the discovery that the safety breach first began in May 2016. That’s 5 years of (probably) unfettered entry.
The hackers “gained unauthorized entry to databases inside its community on a number of events, and that login data permitting entry to or from its Electronic Data Transfer (EDT) surroundings was compromised for roughly 235 of its prospects,” the submitting reads. That might embrace entry to name information, and metadata like telephone numbers, areas, and the content material of textual content messages, in keeping with Motherboard’s sources.
Syniverse’s SEC submitting says the corporate notified anybody caught up within the breach, and reset credentials had been acceptable. Additionally, “Syniverse didn’t observe any proof of intent to disrupt its operations or these of its prospects and there was no try to monetize the unauthorized exercise,” the submitting states. Verizon, AT&T, and Syniverse didn’t instantly reply to a request for remark from The Verge, whereas T-Mobile referred inquiries to the CTIA. T-Mobile did inform Ars Technica that it was “conscious of a safety incident” with Syniverse however there’s “no indication that any private data, name document particulars or textual content message content material of T-Mobile prospects had been impacted.”
Syniverse’s safety breach was revealed as the corporate is attempting to go public by means of a merger with a particular goal acquisition firm (SPAC), nevertheless it looks like it was a goal within the first place due to the corporate’s dimension. Syniverse has spent the final decade changing into a quasi-gatekeeper for a number of US carriers by means of acquisitions, The Verge’s earlier reporting discovered. Size issues in enterprise, however as with the SolarWinds hack, it issues much more when one thing goes flawed.