Signal’s reputation for encrypted texting does not make it immune to hackers. The company acknowledged that a data breach at verification partner Twillio compromised around 1,900 users’ phone numbers and SMS codes. According to a credible source, the attacker may have utilized the information to either identify Signal users or re-register their phone numbers to other devices.
The data has already been abused. The perpetrator looked up three phone numbers and re-registered one user’s account. Since Signal does not save conversation history or contacts online, the intrusion should not have disclosed any additional sensitive information.
Signal is working hard to mitigate the harm. The app will be unregistered on all devices associated with the impacted accounts, forcing users to re-register. The team also suggested establishing a registration lock, which prevents someone from re-registering on other devices without first entering a PIN number.
Twilio disclosed the security breach on August 8th. The offenders, who are still unknown, utilized phishing schemes to collect login information and access the accounts of 125 customers. Twilio normally services huge enterprises and organizations, so it’s unclear if additional customers were impacted.
The hack puts more pressure on Signal to follow the lead of other encrypted messaging platforms in moving away from phone numbers, which can be subject to SIM swaps and other digit-based techniques. This also serves as a warning that systems are just as safe as their technology partners – a lapse at a third party may be just as damaging as a direct attack.
- Google Introduces AI Mode: A Game-Changer for Search - March 12, 2025
- Security Researchers Find DeepSeek Security Vulnerabilities - February 6, 2025
- Tech Giants Unite to Tackle Child Safety Online with ROOST - January 11, 2025
