Around 1,900 users of Signal, the encrypted messaging app, may have had their phone numbers or text verification codes accessed by hackers.
The breach was part of a phishing attack on the communications company, Twilio, which provides Signal’s SMS verification service.
In a Twitter thread and support document, Signal states that a recent successful (and deeply resourced) phishing attack on Twilio allowed access to the phone numbers linked with 1,900 users.
According to Signal no other data could be accessed. This is mainly due to Signal's design. Message history is stored entirely on user devices. Contact and block lists, profile details, and other user data require a Signal PIN to access.
Signal is asking users to enable registration lock, which prevents Signal access on new devices until the user's PIN is correctly entered.
- CyberBeat
CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.
If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us
We couldn't do this without the support of our sponsors and contributors.