If you’ve got a mobile plan on Verizon, AT&T, T-Mobile, or Vodafone, chances are hackers have been able to read your text messages for years.
This shocking revelation comes from a recent document Syniverse filed with the U.S. Securities and Exchange Commission. On page 69 of the document, Syniverse touched upon the May 2021 incident when hackers gained access to its database but continued explaining how those incidents have been an ongoing issue since May 2016.
“Syniverse’s investigation revealed that the individual or organization gained unauthorized access to databases within its network on several occasions and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers.”
To put things into perspective, Syniverse’s clients include various mobile networks from around the world, including but not limited to those we’ve mentioned in the opening paragraph. The company is responsible for text message routing for those networks, meaning there are potentially millions of people affected by this security breach. That’s more than 740 billion messages every year for hundreds of mobile operators in North America, Europe, and the rest of the world.
Syniverse has become an essential partner to mobile network providers. In fact, its customers include nearly all top 100 global mobile carriers. The implications of hacking such a pillar of the mobile industry are huge, and experts believe it could lead to further breaches involving Google, Microsoft, and Amazon. A strong ID theft protection could soon become a must for everyone that has their phone number connected to various online services.
“Syniverse systems have direct access to phone call records and text messaging, and indirect access to a large range of Internet accounts protected with SMS 2-factor authentication. Hacking Syniverse will ease access to Google, Microsoft, Facebook, Twitter, Amazon and all kinds of other accounts, all at once,” security and cryptography expert Karsten Nohl explained in his email to media outlets.
At the time of writing, none of the affected network carriers issued a statement regarding this breach.