Syniverse, a global company that provides technology and business services for a number of telecommunications companies, such as AT&T, T-Mobile, Verizon, Vodafone, and China Mobile, has been hacked. According to a “quiet disclosure” the company made, hackers have been inside its systems for years, affecting more than 200 of its clients and millions of cellphone users worldwide, Vice’s Motherboard reported.
According to a document from September 27 shared wth the U.S. Security and Exchange Commission, an unknown individual or organization obtained unauthorized access to databases within Syniverse’s network on several occasions. As a result, login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.
A former Syniverse employee who worked on the EDT systems was able to confirm to Motherboard that those systems contain information about all types of call records.
Has Syniverse confirmed the hack? According to Motherboard, the company “repeatedly declined to answer specific questions” regarding the scale of the incident and the nature of breached data. However, according to an undisclosed employee of a telephone carrier, “whoever hacked Synivere could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages.” In other words, the data that was most likely affected by the hack is ripe with highly sensitive details.
Here’s what Motherboard discovered about Syniverse’s hack, after a conversation with a source who wanted to remain anonymous:
“Syniverse is a common exchange hub for carriers around the world passing billing info back and forth to each other,” the source, who asked to remain anonymous as they were not authorized to talk to the press, told Motherboard. “So it inevitably carries sensitive info like call records, data usage records, text messages, etc. […] The thing is—I don’t know exactly what was being exchanged in that environment. One would have to imagine though it easily could be customer records and [personal identifying information] given that Syniverse exchanges call records and other billing details between carriers.”
More about Syniverse
As already mentioned, Syniverse is a global company providing technology and business services for several telecommunications companies and other multinational enterprises. The company was founded in 1987 as a GTE business unit called GTE Telecommunications Services Inc.
The company’s global headquarters are in Tampa, Florida, U.S., with regional headquarters in Costa Rica, Argentina, Dubai, Luxembourg and Hong Kong [via Wikipedia].
In terms of its purpose, Syniverse provides support services to wireless carriers including AT&T, Verizon, T-Mobile. The company processes more than 740 billion text messages annually, and apparently has connections to at least 300 mobile operators globally.
What did the authorities say?
“The FBI and the FCC did not immediately respond to a request for comment. The Cybersecurity and Infrastructure Agency (CISA) declined to comment. AT&T, T-Mobile, Vodafone, Telefonica, China Mobile, and America Movil did not respond to a request for comment. Verizon declined to comment,” Motherboard said.