Exclusive: Data stolen from a global telecommunications company in 2013 led to messages being sent to mobile numbers across Middle East two years later
A Guardian investigation has revealed that data was stolen in 2013 as a result of unauthorised access to the systems of SMSGlobal, which provides messaging services for “some of the world’s best known brands” and has more than one million customers worldwide.
... In April 2015, a hacker attempted to send over 4m messages to phone numbers across the Middle East. The message said: “Our motto forever Death to America, Death to the Jews.”
... The 2013 theft was attributed by the company to be a cause of the breach in April 2015. Clients who had not changed their passwords were potentially vulnerable.
... SMSGlobal’s clients include Nestle Waters, Serco, Etihad Airways, Emirates Transport, Tecom, Samsung, Microsoft, IBM, Dell, the Australian Football League and law enforcement agencies around the world.
... Etihad uses SMSGlobal to provide authorisations for its pilots before their planes take off, and the Australian defence department has signed an A$80,000 contract with the company to provide messaging services for its e-health service.
... It said the April 2015 breach was attributed to the “use of a brute force attack” to penetrate accounts due to a “number of vulnerabilities” such as that customers’ passwords were not encrypted in SMSGlobal’s database...
... In September 2015 a third hack occurred. The hackers tried to send a text message that said “mismanagement by Saudi officials was the reason for the death of the hajjaj in Mina” – believed to be a reference to the deaths of almost 2,000 Hajj pilgrims in September. It is not clear how many of the messages were successfully sent.
