Major SMS Routing Company Says It Was The Victim Of A Five-Year Hack (Updated)

SHARE THIS ARTICLE

REACH US

GENERAL INQUIRY

[email protected]

ADVERTISING

[email protected]

PRESS RELEASE

[email protected]

HOTLINE

+673 222-0178 [Office Hour]

+673 223-6740 [Fax]

Upcoming Events

Prayer Times

The prayer times for Brunei-Muara and Temburong districts. For Tutong add 1 minute and for Belait add 3 minutes.

Imsak	: 05:01 AM
Subuh	: 05:11 AM
Syuruk	: 06:29 AM
Doha	: 06:51 AM
Zohor	: 12:32 PM
Asar	: 03:44 PM
Maghrib	: 06:32 PM
Isyak	: 07:42 PM

The Business Directory

Security & Privacy

Home > Security & Privacy

Major SMS Routing Company Says It Was The Victim Of A Five-Year Hack (Updated)

diego_cervo via Getty Images

October 7th, 2021 | 12:22 PM | 265 views

UNITED STATES

US carriers were likely affected, but it's not clear how.

A cornerstone of text messaging has been vulnerable for half a decade. Ars Technica reports that Syniverse, which routes billions of SMS chats for hundreds of carriers in the US and abroad, has used an SEC filing to disclose a hack that lasted for five years.

The company discovered in May 2021 that someone had "unauthorized access" to its operational and IT systems since May 2016, and during that time had "several" opportunities to access network databases. The intruders compromised logins for Syniverse's Electronic Data Transfer environment for about 235 carriers, according to the company.

The routing firm wouldn't say if the attackers obtained messages or otherwise violated users' privacy. In a statement to Ars, Syniverse generally kept to what it revealed in the SEC filing. The company said it hadn't found evidence of an "intent to disrupt" operations, and there was "no attempt to monetize" activity. The company couldn't rule out future discoveries, however, and a Motherboard source said the EDT space included call record information. The intruders could have obtained text message content, the source added.

We've asked AT&T, T-Mobile and Verizon (Engadget's former parent company) if the attackers could have compromised texts passing through their networks. Syniverse said it fixed the security flaws and notified all customers when legally required, but that "no additional action" was necessary at this stage.

While that response suggests the practical damage might be limited, there's still cause for concern here — the attackers might have had access to massive volumes of sensitive messages while an important custodian was unaware. If nothing else, this is a reminder that mobile security depends as much on partner companies as it does carriers and phone makers.

Update 10/6 1:20PM ET: T-Mobile told Engadget there was "no indication" the breach compromised text messages or other personal details for the carrier's users.

Source:
courtesy of ENGADGET

by Jon Fingas

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]