BBM Encryption compromised. What now?

[empireofthesun]

A person in my office received an anonymous email that contained a copy of all bbm chats the person had with another person in the office. How is this possible? I thought bbm was encrypted point to point. Neither one of the two people ever downloaded their bbm chats. Does this mean the BES at the company keeps logs of bbm chats and they were compromised? Does the government have access to bbm chats? What is the best solution for this? Is there off the shelf software that can be installed on the blackberry to have true client based encryption? Help....thanks

[empireofthesun]

More update: the person's email in outlook is automatically generating an email that has a subject that reads: BlackBerry Messenger Usage Report and it has a detailed minute by minute log of EVERYTHING that has happened on the BBM, status updates, messages sent and received with the PIN number and time for each entry. I need to figure out what to do. Any help would be greatly appreciated.

[NotJustAPhone]

If you're on a BES, your employer can log all your BBM messages.

Posted from my CrackBerry at wapforums.crackberry.com

[empireofthesun]

Wow I had no idea that with a BES all the BBM messages were being logged. I thought BBM was encrypted from each device point to point. So if the BES can log everything then that is where the interception is taking place. However, here the problem is that the log is being sent by email to a yahoo email from each user's outlook without the user sending it. So that would mean that someone with access to the BES could then have the log sent to an email of their choosing from the person's outlook? How would a person with access to the BES program for the log to be sent out from each user's account? The sent emails DO NOT appear on the BlackBerry but they are in the outlook Sent Items folder.
Thanks for your help

[empireofthesun]

This is what the email that is being sent out looks like with a very long list of each entry on the BBM including status updates, etc (I replaced the last two digits of the PIN with and X and the text with "TEXT"):

Subject: BlackBerry Messenger Usage Report Jan 6, 2011 14:05 - Jan 7, 2011 14:05

19:05 < (247886XX) TEXTTEXTTEXTTEXT
19:05 < (247886XX) TEXTTEXTTEXTTEXT

[swathe]

Maybe it was sent from a sysadmin as a warning for inappropriate use of company resources. Report it to management and have it investigated. The IT department needs to know there is a security breach in the organisation.