Sometimes, the boring explanation is actually the scarier one.
People across the U.S. collectively freaked out Thursday when they awoke to find seemingly random text messages on their phones from friends, parents, and employers who claimed to have never sent them. And while you’d be forgiven for suspecting NSA-style malfeasance, Russian troll farms, or some hackers trying to trick you into sending them bitcoin, we now know what actually happened — and it’s a doozy.
It turns out a third-party vendor that likely no average smartphone user has ever heard of is to blame. The company is called Syniverse, which claims to have “developed the largest private network ever built for linking to the mobile ecosystem.”
According to a Syniverse statement, the SMS messages that appeared on phones yesterday were initially sent Feb. 14 and were stuck in some sort of queue when a server failed. The server was reactivated yesterday, and the texts were then sent.
Syniverse asserts that it typically holds on to message metadata — that is, the to whom, when, and other associated details of a text — for 45 days before deleting it from its servers. The actual content of the text is supposed to be deleted from those aforementioned servers much sooner.
“Messages that cannot be delivered immediately are temporarily stored between 24 to 72 hours depending upon each mobile operator’s configuration,” explained the statement. “During this time, multiple delivery attempts are made. If the message remains undeliverable after the specified time, the message is automatically deleted by Syniverse.”
Except, in this case, the messages were decidedly not deleted.
In other words, a relatively unknown company — one that is definitely not your cell service provider — was sitting on your text messages for approximately nine months. This should not be reassuring to the recipients of the 168,149 months-late text messages, or anyone else concerned about unaccountable third parties with access to our personal communications.
We reached out to Syniverse to determine if videos and photos sent in February could have been caught up in this mess, but received no immediate response.
It’s worth adding that this didn’t just affect one specific cellphone carrier. Both Sprint and T-Mobile confirmed to Mashable that at least some of their customers were affected.
In the end, the incident of the mystery texts boils down to one, unsettling fact: You don’t have control of your messages, and unless a screw up like this forces someone to publish an apologetic company blog post, then you’ll likely never fully understand the scope of for-profit companies manhandling your private data.
Which, of course, is the scariest part of all.