Unauthorized User Access Blamed on Syniverse Hack

Date: 2021-11-15
Author: Joakim Thorén, Founder and CEO

Next >> Unlikely Career Move or Well Planned Transition

Previous << Thales Cloud Security Summit

You may be blissfully unaware of a company called Syniverse. Most of us were, too, until last month when a company document revealed a 5-year login hack of its databases.

The news came about in a routine (US) Securities and Exchange Commission filing as a precursor to Syniverse potentially becoming a publicly traded firm. As is required in this type of SEC filing, Syniverse disclosed potential risk factors for investors that included a hack of data from 235 of the world’s telecom carriers.

Databases are hacked daily -- it’s true -- but they rarely have the potential impact of this one. The company acts as the routing arm for text messages from customers of carriers like Verizon, AT&T, T-Mobile and about 297 others. In all, the hack impacted more than 75 percent of Syniverse’s customer base. That means the impact could extend to every customer of those carriers who sent SMS messages in the last half decade.

Hundreds of billions of text messages flow through these companies annually. In fact, Syniverse says its services process more than 740 billion messages each year for its carrier customers. To date, there have not been reports that hackers gained access to the actual text messages or other customer data, which may be the best possible outcome of the hack.

Not surprisingly, the “individual or organization” gained unauthorized access to Syniverse’s networks a variety of times over the 5-year-period, the company said in its statement, and that “login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised” for those 235 customers. As part of its remediation efforts, Syniverse either deactivated or reset the credentials for all its EDT customers.

From my perspective, there are three things that are surprising about all of this. One is that one company is a single point of exposure for the potentially billions of people who send text messages. Second is that the hack went unnoticed there until five years after it began in May 2016. The third is that this should not have happened: companies like ours provide the tools that can make hacks like this far less prevalent or damaging.

Since the breach was discovered earlier this year, Syniverse says it’s taken the proper remediation steps – including notifying law enforcement and hiring specialists to help combat the crime. It says it has put in increased protection measures for its IT systems, too. For now, the company says there have been no known attempts to misuse the hacked data but said in the SEC filing that it cannot entirely rule out the possibility.

Enterprises like being in the headlines for all the remarkable things they do. Don’t let your headlines be about having your data breached. Talk with a Versasec expert today by contacting us here.


Photo by Shawn Fields on Unsplash

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.

Support

Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact. To learn more, bookmark our blog![more]