Telco service provider giant Syniverse had unauthorized access since 2016

Syniverse service provider discloses a security breach, threat actors have had access to its databases since 2016 and gained some customers’ credentials.

Syniverse is a global company that provides technology and business services for a number of telecommunications companies as well as a variety of other multinational enterprises. The company is a privileged target for threat actors that could hit the firm to access their customers’ information.

Syniverse provides text messaging routing services to hundreds of mobile operators, including AT&T, T-Mobile, Verizon, Telefonica, China Mobile, and Vodafone. It also offered services to tech giants and major financial institutions.

Syniverse discloses a security breach, threat actors have had access to its databases since 2016. According to Motherboard that first reported the news potentially millions of cellphone users worldwide were impacted.

“A company …. disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide.” states Motherboard. “The company, Syniverse, revealed in a filing dated September 27 with the U.S. Security and Exchange Commission that an unknown “individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”

In a filing with the U.S. Securities and Exchange Commission (SEC) the company states that an unauthorized party accessed on several occasions databases on its network. The security breach was only discovered May 2021 five years after the alleged first intrusion. The company has launched an internal investigation to determine the extent of the security breach.

“The results of the investigation revealed that the unauthorized access began in May 2016. Syniverse’s investigation revealed that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers.” states the SEC filing.

According to the company, threat actors compromised login credentials for approximately 235 of its customers. In response to the incident, Syniverse notified EDT customers and reset/ inactivated their credentials.

Five years is a long period and the fact that threat actors operated to remain under the radar suggests they were involved in a long-running cyberespionage operation.

“Syniverse did not observe any evidence of intent to disrupt its operations or those of its customers and there was no attempt to monetize the unauthorized activity. Syniverse did not experience and does not anticipate that these events will have any material impact on its day-to-day operations or services or its ability to access or process data.” continues the filing.

In My Humble Opinion, the security breach could be part of a cyberespionage campaign orchestrated by a nation-state actor.

“The information flowing through Syniverse’s systems is espionage gold,” Sen. Ron Wyden told Motherboard in an emailed statement. “That this breach went undiscovered for five years raises serious questions about Syniverse’s cybersecurity practices. The FCC needs to get to the bottom of what happened, determine whether Syniverse’s cybersecurity practices were negligent, identify whether Syniverse’s competitors have experienced similar breaches, and then set mandatory cybersecurity standards for this industry.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cyberespionage)

[adrotate banner=”5″]

[adrotate banner=”13″]