[BreachExchange] Largest mobile SMS routing firm discloses five-year-long breach

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Oct 5 08:43:13 EDT 2021


https://www.bleepingcomputer.com/news/security/largest-mobile-sms-routing-firm-discloses-five-year-long-breach/

Syniverse, a service provider for most telecommunications companies,
disclosed that hackers had access to its databases over the past five years
and compromised login credentials belonging to hundreds of customers.

Self-described as “the world’s most connected company,” Syniverse provides
text messaging routing services to over 300 mobile operators, among them
Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica, and China
Mobile.

Syniverse is so big that it brags about having as its customers “nearly
every mobile communications provider, the largest global banks, the world’s
biggest tech companies.”

Breach tracked to May 2016

In a filing on September 27 with the U.S. Securities and Exchange
Commission (SEC) spotted by Motherboard journalist Lorenzo
Franceschi-Bicchierai, Syniverse disclosed that an unauthorized party
accessed databases on its network on several occasions.

When the company became aware of the intrusions in May 2021, an internal
investigation began to determine the extent of the hack.

“The results of the investigation revealed that the unauthorized access
began in May 2016,” the company reveals in the SEC filing.

For five years, hackers maintained access to Syniverse internal databases
and compromised the login data for the Electronic Data Transfer (EDT)
environment belonging to about 235 customers.

“All EDT customers have been notified and have had their credentials reset
or inactivated, even if their credentials were not impacted by the
incident. All customers whose credentials were impacted have been notified
of that circumstance” - Syniverse

Huge node for mobile communications

The company notes that its investigation did not reveal intent to disrupt
operations or to monetize the intrusion.

Even if the investigation did not find any evidence, the company does not
exclude the possibility of data exfiltration, which could impact its
business, employees, customers, suppliers, and vendors, and could also lead
to a future cyber attack.

From its role as an intermediary between mobile carriers, it is easy to
infer the type of data the hackers could access by breaching Syniverse: at
least details about the source, destination, timestamps, general location,
and possibly the content of the text messages.

According to the company, its infrastructure processes more than 740
billion messages every year, enabling interconnectivity between mobile
network operators and giving them "unparalleled visibility into all
messages hitting your network".

Syniverse describes itself as “the world’s most connected company” with a
“secure global network [that] reaches almost every person and device on
Earth.”

Given the part Syniverse plays in mobile communication around the world and
the trove of sensitive information it needs to protect, the details about
the breach and the goal of the intruder are likely to receive more scrutiny
from national-level regulatory bodies.