As someone who has operated small companies, the one thing I fear is blowing up and getting blasted out of the water for some critical issue I’ve made. I hope that is a legitimate fear for a lot of companies starting out. For Sunbird, however, it doesn’t appear that thought crossed their minds.
After this past weekend’s messy security nightmare with Nothing Chats, Sunbird has taken down its own app.
The company started offering their iMessage service in late 2022 in closed beta. This would probably explain why there were so few downloads of the original app prior to the Nothing partnership. Nobody would have noticed (or probably cared) about the security holes going on behind the scenes.
All that changed when Nothing brought their name, app, and service to the spotlight. As we saw, folks took notice and started digging into it. Over 630,000 files were accessible through a discovered vulnerability. This was after Sunbird claimed no data was stored on its servers.
When investigating the issue, Sunbird was initially shutting down the meda portion of the app.
Good afternoon everyone. We are investigating the security issues raised in the last 24 hours. In an abundance of caution and to protect your confidential data, we are shutting down Sunbird media temporarily. We will keep you posted. Thank you, & sincere apologies for the inconvenience.”
It wasn’t long after that when the whole app went down.
Dear Sunbird User. We have decided to pause Sunbird usage for now while we investigate security concerns. We will update you when we are ready to proceed.”
The website, however, is still up. There are no mentions of this issue. The claims of end-to-end encryption are still there along with the claim they don’t store your data.
There have also been reports that many people had questions or raised alarms to what Sunbird was doing. Ars Technica reported that basic questions went unanswered or ignored. Also, a member of Sunbird’s Discord community claims they were banned when pointing out a security issue.