On Thursday night, hundreds of people complained about receiving seemingly random, out of context, text messages from friends and relatives.
Countless people who got the messages reported that the apparent senders of the texts told them they actually did not send them, causing a flurry of complaints and head scratching on on Twitter, Reddit, and other social media. Many realized the messages were from Valentine’s Day earlier this year.
T-Mobile said in a statement that the issue was with “a third party vendor,” and Sprint blamed it on a “maintenance update. ”
As it turns out, the culprit is a little known, but incredibly important company called Syniverse. The Washington Post reported this news Thursday and Motherboard has confirmed it with a notification the company sent to telecom industry insiders.
In a notification send telecom industry insiders, and obtained by Motherboard, Syniverse said that “The ICSMS [Inter-Carrier SMS] infrastructure maintenance [...] caused old SMS messages to be replayed.”
“Subscribers may have received old, duplicate messages,” the notification read. “The team is currently investigating to determine impact.”
This incident raises a lot of questions, and serves as a reminder that cellphone infrastructure is a complex web made not just of the major providers such as AT&T, T-Mobile, Verizon and Sprint, but also smaller companies that provide services to these giants.
“Most consumers don’t realize there are other large companies in the mix between the large carriers,” said an employee of another company that works in the industry, and asked to remain anonymous as he was not allowed to speak to the press.
Do you work or used to work at a telecom provider? We’d love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com.
“The real question that need to be asked here is why does Syniverse have a bunch of old messages from February sitting around on a server somewhere?” the industry insider said. “As a customer/carrier of theirs, the expectation is that messages are stored/quedeed only when binds are down, i.e. once the traffic is delivered to the carrier. It shouldn’t be kept by Syniverse.”
Syniverse did not respond to Motherboard's request for comment. In a statement to The Washington Post, Syniverse said maintenance caused the 168,149 previously undelivered text messages to be sent.
“We apologize to anyone who was impacted by this occurrence,” William Hurley, Syniverse’s chief marketing and product officer, said in a statement.
As The Verge reported, the glitch caused some people to receive messages from people who are now dead.
A person who works at Verizon, who asked to remain anonymous because he was not authorized to speak to the press, said the company received multiple complaints on Thursday, and some were harder to explain than others.
“I had a customer who was receiving the same text from her son,” the Verizon employee said. “The son had passed away like 6 months ago.”
Subscribe to our new cybersecurity podcast, CYBER.