Syniverse is a company that no one has ever heard of. They act as an interconnection between 300 mobile carriers and 95 of the top 100 carriers.
They are the reason you can send a text message to your friend who is not on the same phone carrier as you are.
It also allows you to use your phone when you are not in a place where your carrier has service, known as roaming. That is done using the horribly insecure protocol, developed decades ago with no security, called SS7.
In a filing with the SEC, the company admitted that hackers have been in their network since 2016, possibly on and off. Given that they have access to all of your text messages, and call records and location data and other information, that is a huge privacy nightmare.
One former employee said that since the world has not stopped spinning, clearly it is not a problem. Washington, on the other hand, says this is an espionage goldmine.
If the hack was state sponsored, then they would not “use” your data in the traditional sense. They would use it to build a profile and possibly use it to phish you. If, for example, this is a Russia or China operation, there is no telling what they planned to do with it.
If someone is having an affair or swapping nude pictures or other sensitive topics, it could also be used to blackmail people.
Not to fear, however, Syniverse said that as soon as they discovered the breach after five years, they implemented their security incident response plan.
I bet that regulators from around the world are investigating.
Syniverse is trying to go public using a SPAC merger and that is how this came out. They said that the hackers did not try to disrupt operations or ransom them, so all is good, right? If this was state sponsored, you would not expect them to do either of these things. In fairness, they know they are going to get sued, so they are trying to put the best spin on this that they can.
None of their customers were willing to comment for the article. Credit: Motherboard-Vice