Syniverse, a telecom firm that helps carriers like Verizon, T-Cell, and AT&T route messages between one another and different carriers overseas, disclosed final week that it was the topic of a doable 5 12 months lengthy hack. If the title Syniverse sounds acquainted, the corporate was additionally chargeable for the disappearance of a swath of Valentine’s Day textual content messages in 2019.
The hack in query was dropped at mild in a Securities and Alternate Fee submitting Syniverse printed final week. In it, Syniverse shares that in Could 2021 it “turned conscious of unauthorized entry to its operational and data expertise methods by an unknown particular person or group.” The corporate did its due diligence notifying legislation enforcement and conducting an inside investigation, ensuing within the discovery that the safety breach first began in Could 2016. That’s 5 years of (probably) unfettered entry.
The hackers “gained unauthorized entry to databases inside its community on a number of events, and that login data permitting entry to or from its Digital Knowledge Switch (EDT) setting was compromised for about 235 of its clients,” the submitting reads. That would embody entry to name data, and metadata like cellphone numbers, areas, and the content material of textual content messages, in response to Motherboard’s sources.
Syniverse’s SEC submitting says the corporate notified anybody caught up within the breach, and reset credentials had been applicable. Moreover, “Syniverse didn’t observe any proof of intent to disrupt its operations or these of its clients and there was no try to monetize the unauthorized exercise,” the submitting states. Verizon, AT&T, and Syniverse didn’t instantly reply to a request for remark from The Verge, whereas T-Cell referred inquiries to the CTIA. T-Cell did inform Ars Technica that it was “conscious of a safety incident” with Syniverse however there’s “no indication that any private data, name report particulars or textual content message content material of T-Cell clients had been impacted.”
Syniverse’s safety breach was revealed as the corporate is making an attempt to go public by a merger with a particular goal acquisition firm (SPAC), however it looks like it was a goal within the first place due to the corporate’s dimension. Syniverse has spent the final decade changing into a quasi-gatekeeper for a number of US carriers by acquisitions, The Verge’s earlier reporting discovered. Measurement issues in enterprise, however as with the SolarWinds hack, it issues much more when one thing goes flawed.