Major SMS Routing Provider Syniverse Hacked, Affecting Leading U.S. Mobile Operators

Syniverse, a company that provides SMS routing services to most major U.S. telecom operators, has reported a security breach. Hackers infiltrated the company’s network five years ago and had access to its databases, compromising the credentials of hundreds of clients.

Syniverse facilitates text message exchange and routing services for over 300 mobile network operators, including giants like Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica, and China Mobile. The company is so large that it boasts on its official website that its clients include “almost all mobile operators, the world’s largest banks, and the world’s largest technology companies.” According to official statistics, Syniverse’s infrastructure processes over 740 billion messages annually, enabling communication between mobile network operators.

Details of the Breach

In documents submitted to the U.S. Securities and Exchange Commission, Syniverse disclosed that an unauthorized third party gained access to its network and repeatedly accessed the company’s databases. The breach was discovered in May 2021, at which point an investigation was launched. It was found that hackers had infiltrated Syniverse’s network as far back as 2016.

For five years, hackers maintained access to Syniverse’s internal databases and compromised login credentials for the Electronic Data Transfer (EDT) environment belonging to approximately 235 clients.

“All EDT clients were notified of the incident, and their credentials were reset or deactivated, even if they were not directly affected. All clients whose credentials were compromised were informed of this,” Syniverse stated.

The company also noted that the investigation did not uncover any attempts to disrupt its operations or profit from the breach. However, Syniverse does not rule out the possibility that data may have been stolen, potentially affecting its business, employees, clients, suppliers, and vendors, and that this data could be used in future cyberattacks.

Potential Data Exposed

Given Syniverse’s role in mobile network operations, it’s easy to see what kind of data hackers could have accessed: information about message sources, destinations, timestamps, locations, and possibly even the content of SMS messages.

The company has not disclosed any information beyond what was reported to authorities, citing the ongoing investigation.

“Given the confidential nature of our client relationships and the ongoing law enforcement investigation, we are not making any further public statements on this matter,” Syniverse said.

Industry Reactions and Concerns

Vice Motherboard quoted an anonymous source working at a telecom operator, who said that the Syniverse hackers could have accessed metadata, including message length and cost, subscriber information and numbers, location data, and even the content of text messages.

“Syniverse is a single exchange hub for operators worldwide, transmitting billing information to each other,” the source said. “As such, it inevitably contains confidential information, including call records, data usage records, text messages, and so on. The thing is, I don’t know exactly what they were exchanging in this environment. It’s easy to imagine that it could have included customer records and [personally identifiable information].”