Signal’s reputation for secure messaging doesn’t ensure it is completely invulnerable to hacking incidents. The business has confirmed a data breach at verification partner Twillio exposed the telephone numbers and SMS codes of roughly 1,900 users. As TechCrunch observed, the intruder may have either used the info to either identify Signal users or re-register their numbers to other devices.
The info was already misused. At fault sought out three telephone numbers, and re-registered the account of 1 user. Signal doesn’t store chat histories or contacts online, therefore the breach shouldn’t have revealed other sensitive details.
Signal is taking steps to limit the damage. It’ll unregister the app on all devices associated with affected accounts, forcing users to re-register. The team also recommended enabling a registration lock that bars anyone from re-registering on other devices without providing a PIN code.
Twilio revealed the breach on August 8th. The currently unidentified perpetrators used phishing scams to acquire login details and access the accounts of 125 customers. Although it isn’t clear which some other clients were affected, Twilio typically serves large companies and organizations.
The attack increases pressure on Signal to become listed on other encrypted messaging providers in leaving phone numbers, which may be susceptible to SIM swaps along with other digit-based schemes. That is also a reminder that systems are just as secure as their technology partners a slip at a third-party may also be as dangerous as a primary assault.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. A few of our stories include affiliate links. In the event that you buy something through one of these brilliant links, we might earn a joint venture partner commission.