Hackers send hundreds of thousands of scam texts to New Yorkers — should you be worried?
Getting spammed by unwanted texts on a Monday can be frustrating, but that happened to a large number of people in New York because of a data breach. Hackers took over a mass text messaging service, sending thousands of scam texts to residents in New York and some other states. The systems of Mobile Commons, a company that provides messaging alert services to the local New York government, a Catholic charity, and a political organizing group, were hacked to send fake alerts to the subscribers of these organizations, NBC News reported. While Mobile Commons told the publication that customer or subscriber data was potentially out of reach of the hackers, it remains unclear if anyone suffered financial losses due to the scam texts.
🇺🇸 HACKERS BREACH NEW YORK’S OFFICIAL TEXT ALERT SYSTEM
— Mario Nawfal (@MarioNawfal) November 13, 2025
Cyber crooks struck gold: Breached Mobile Commons, the bulk SMS firm for NY state, Catholic Relief Services, and political group Fight for a Union.
They've sent hundreds of thousands of scam texts from legit short codes,… pic.twitter.com/pQpcrVTKfi
“On the evening of Monday, November 10th, an unauthorized third party gained illegal access to our platform through what we believe was a spear phishing attack or similar social engineering method. The intruder’s access was active for a four-hour period ending at 12:10 AM on November 11th before being detected and removed. During this time, multiple attempts were made to send spam messages through our system. A limited number of these messages reached subscribers before our security protocols identified and shut down the malicious activity," the company said in a statement.
The publication reviewed the fake alert texts sent to people from three organizations, namely, the state of New York, the charity Catholic Relief Services, and the political organizing group Fight for a Union, all of which are customers of Mobile Commons. The texts referred to non-existent transactions, urging customers to call an 888 number associated with the scam. NBC News reported that the number has since been disconnected, and while Mobile Commons declined to reveal how many people received the text, a spokesperson for the state of New York’s Office of Information Technology Services told the publication that about 188,000 people are subscribed to get alerts from the state, and an estimated 160,000 people received the scam text. Another source with links to major American telecom companies told NBC News that more than 70,000 people associated with the three organizations got the text.
Companies like Mobile Commons operate within the federal guidelines and have access to short-code numbers that are tightly regulated and do not get marked as spam when rapid texts are sent in bulk. In an email reviewed by the news outlet, the U.S. Short Code Registry, an industry non-profit that maintains those codes, wrote that the industry is increasingly under attack from hackers. “Our monitoring teams have detected a notable increase in attempts by unauthorized actors to initiate account takeovers (ATOs) and originate unwanted or illegal text messages using Short Codes,” the email said. The organization also urged companies using such short codes to take basic cybersecurity steps to protect their users and stop hackers from potentially spreading mass panic.
More on Market Realist:
Before you start your holiday shopping, the FBI has a warning about these growing scams
Walmart shopper issues warning about a new money scam at the store: "I’m literally freaking out..."
Colorado mom loses $5,000 after romantic talks with 'Keanu Reeves': "I was convinced..."
