Cyber Incident Victim: Ciphr
Date: Apr 2017
Location: United States of America
Summary
A secure phone provider experienced a data breach where customer information, including email addresses and device IMEI numbers, was publicly leaked online. The company attributed the incident to a competitor, specifically naming SkySecure, which denied involvement and expressed sympathy while calling the attack malicious. Exposed data reportedly included both expired and active accounts, though the firm asserted no compromise of message content and emphasized it was not a security breach. The leaked IMEI details could enable law enforcement to geolocate devices through cellular tower triangulation, raising operational security concerns for users. Competing firms in the encrypted communications market exchanged accusations regarding the leak's legitimacy, with one dismissing it as "fake news" and alleging corporate sabotage. The company offered replacement devices to affected customers amid claims that rivals sought to undermine its growth through slander and disruptive attacks.
Description
On or around April 26, 2017, customer data from encrypted phone provider Ciphr was publicly dumped online, exposing email addresses and unique IMEI (International Mobile Equipment Identity) numbers associated with users' devices. The data appeared on a dedicated website allowing visitors to search through the leaked records, which Ciphr acknowledged included both expired accounts and a small number of active users. Ciphr, which provided encrypted email, text messaging, and secure storage services primarily for BlackBerry 10 and Samsung Knox devices, asserted that the incident was not a security breach but rather a deliberate act by a competitor to undermine its business. The company claimed its servers and email systems had been compromised, though it emphasized that the content of users' messages remained unaffected. Two Ciphr customers confirmed their data was included in the leak, with one verifying that details of other users they knew were also present.

Ciphr attributed the data dump to SkySecure, the company behind rival encrypted phone service SkyECC, alleging the act was part of a campaign involving slander, blocking, and distributed denial-of-service (DDoS) attacks motivated by Ciphr's rapid market growth. In a message to affected users, Ciphr denounced the publication of customer data as unprecedented within the industry and announced plans to issue replacement phones to mitigate potential risks. SkySecure categorically denied involvement, expressing sympathy for Ciphr and urging it to address security vulnerabilities. The leaked IMEI data raised concerns about potential exploitation by law enforcement, as the hosting website noted authorities could theoretically use these identifiers to triangulate device locations via cellular networks. Other industry players, such as PGPSure, characterized the incident as "fake news" and accused SkySecure of engaging in "dirty games," reflecting the competitive tensions within the secure phone market. Affected customers expressed frustration over the lack of transparency, emphasizing their financial investment in the devices and right to detailed information about the compromise.
