Snippet: A Text Message Routing Company Suffered a Five-Year-Long Breach ☇

Ian Carlos Campbell for The Verge:

Syniverse, a telecom company that helps carriers like Verizon, T-Mobile, and AT&T route messages between each other and other carriers abroad, disclosed last week that it was the subject of a possible five year long hack. If the name Syniverse sounds familiar, the company was also responsible for the disappearance of a swath of Valentine’s Day text messages in 2019.

The hack in question was brought to light in a Securities and Exchange Commission filing Syniverse published last week. In it, Syniverse shares that in May 2021 it “became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization.” The company did its due diligence notifying law enforcement and conducting an internal investigation, resulting in the discovery that the security breach first started in May 2016. That’s five years of (possibly) unfettered access.

I don’t really understand why Syniverse needs to exist in the first place and why they’re not under more scrutiny. In the US, there’s only a handful of carriers (if you count the big three and the regionals), so why can’t they handle something as basic as text message routing? At this point, with so many things outsourced, do the telecom companies do anything themselves?