Syniverse, which supplies technology and services to giants such as AT&T, T-Mobile, Verizon, Vodafone, China Mobile and many other cellular operators around the world, said hackers have had access to its systems for many years. More than 200 customers of the company and millions of mobile users around the world have become potential victims of cybercriminals. To understand the scale of the problem: Syniverse processes more than 740 billion SMS annually
Syniverse has reported in documents filed on September 27 with the US government that an unknown individual or organization has obtained unauthorized access to the databases of its network several times. The information obtained by hackers, used to log into the system, allowed attackers to gain access to most of the important data of the company and its customers. The medium of transmission (EDT) has been compromised in 235 of its clients.
A former Syniverse employee who worked on EDT systems stated that they have information on all types of call data. Syniverse declined to answer specific questions about the scale of the hack and its consequences. According to a representative of one of the mobile operators, the hackers who hacked Syniverse gained access to metadata such as the duration and cost of calls, as well as the number of the subscriber making the call, the location of the participants in the conversation, and the content of SMS messages.
The company said it found signs of a breach in May of this year, but unauthorized access to its networks was first carried out in May 2016. According to the official website Syniverse, the company processes 740 billion text messages annually and has partnerships with more than 300 mobile operators worldwide. Its clients are 95 of the 100 largest mobile operators.
Researchers call the five-year presence of attackers on Syniverse networks a global disaster for the privacy of cellular users. It is noted that hackers could gain access to SMS messages from two-factor authentication systems, which allowed them to gain access to the accounts of Google, Facebook, Microsoft and personal accounts of bank customers. A recently discovered attack could potentially affect hundreds of millions, if not billions, of mobile users. Using the data that Syniverse has, hackers can create a detailed user profile, knowing exactly what they are doing, where they are, who they are calling.
One former Syniverse employee said the attack probably did not cause significant damage because there were no obvious events in the past five years indicating that a vulnerability was being used against users.