Syniverse, a company that provides services to most telecom companies, has revealed that hundreds of customers’ login credentials were compromised as hackers continued to gain access to the company’s database over the past five years,
Syniverse provides text messaging routing services to over 300 mobile operators including Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica and China Mobile.
Illegal access discovered in May 2016
In a filing with the U.S. Securities and Exchange Commission (SEC) dated September 27, discovered by motherboard journalist Lorenzo Franceschi-Bicchierai, Syniverse revealed that a database on its network had been accessed multiple times by unauthorized users. In a filing with the U.S. Securities and Exchange Commission (SEC) dated September 27, 2012, it was revealed that unauthorized users had accessed the database on the company’s network multiple times.
The company launched an internal investigation to determine the scope of the hack after discovering the breach in May 2021.
“The investigation revealed that the unauthorized access began in May 2016,” the company said in an SEC filing.
For five years, hackers continued to gain access to Syniverse’s internal database, compromising login data in the Electronic Data Transfer (EDT) environment belonging to about 235 customers.
“All customers using EDT have been notified and their credentials have been reset or disabled, even if their credentials were not affected. All customers whose credentials were affected have been notified.” – Syniverse
The company said that its investigation did not find any intent to interfere with its operations or to monetize the intrusion.
Even though the investigation found no evidence, the company has not ruled out the possibility of a data breach that could affect its business, employees, customers, suppliers and vendors, and lead to future cyber attacks.
Syniverse says its infrastructure processes more than 740 billion messages each year, enabling interconnection between mobile operators and providing “unparalleled visibility into every message that reaches the network.
Syniverse describes itself as “the world’s most connected company”, providing “a secure global network that reaches virtually every person and device on the planet”.
Given the role that Syniverse plays in mobile communications around the world and the mountain of sensitive information that the company must protect, the details of this breach and the goals of the intruders are likely to receive more scrutiny from national-level regulators.