Syniverse, a major telecommunication company, was reportedly hacked, and attackers could have gained access to a trove of calls and SMSes.
In a confidential report, the telecom company revealed that hackers have been inside its systems for years, affecting hundreds of business clients and potentially millions of users globally.
Syniverse provides telecommunications infrastructure for AT&T, T-Mobile, Verizon, Vodafone, and China Mobile and handles billions of text messages a year. Now it revealed in a filing on September 27 with the U.S. Security and Exchange Commission that hackers had access to its data for years.
“The world’s largest companies and nearly all mobile carriers rely on Syniverse’s global network to seamlessly bridge mobile ecosystems and securely transmit data, enabling billions of transactions, conversations and connections [daily],” Syniverse wrote in a recent press release.
Syniverse revealed that over 200 of its customers’ identities were compromised due to a security issue that affected its database. An individual or organization gained unauthorized access to the company’s databases within its network “on several occasions,” and “login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”
A former employee of Syniverse told Motherboard that the company’s EDT systems have information on all call records.
Syniverse repeatedly refused to answer Motherboard’s specific questions about the scale of the security breach and what specific data was compromised.
According to a person who works at Syniverse, hackers could have accessed such metadata, as call length and cost, caller and receiver’s numbers, the location of the calling parties, content of SMS text messages, and more.
“Syniverse is a common exchange hub for carriers around the world passing billing info back and forth to each other,” the source, who asked to remain anonymous as they were not authorized to talk to the press, told Motherboard. “So it inevitably carries sensitive info like call records, data usage records, text messages, etc. […] The thing is—I don’t know exactly what was being exchanged in that environment. One would have to imagine though it easily could be customer records and [personal identifying information] given that Syniverse exchanges call records and other billing details between carriers.”
An industry insider believes who spoke with Motherboard that the massive data breach that affected the telecom could affect millions – if not billions – of cellphone users.
