Signal says hundreds of users may have been hit in phishing attack
Users of Signal urged to re-register app on their devices
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Seucre messaging appsSignalhas told almost 2,000 customers they might have been the targets of a recent cyberattack.
The news is linked tothe recent breach at Twilioafter a threat actor successfully phished login data from a number of its employees.
During that time, it may, or may not have, gotten access to the phone numbers of 1,900 Signal users, as Twilio provides Signal with phone number verification services.
Message history secure
At the time of the hack, Signal said in its warning, that having access to those phone numbers means they could have re-registered Signal to their endpoints, essentiallystealing the victims’ identitieson the platform.
Twilio has since shut the attack down, Signal confirmed, and added that 1,900 users is a “very small percentage” of total users, meaning most were not affected. Those that have been affected, however, have gotten a warning from the company to re-register the app on their devices, just to make sure.
“All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected,” the company confirmed. Message history is stored only on the device, Signal said, adding that the company doesn’t keep any copies. In order to access the message history, the attackers would need physical access to people’s devices.
Signal denies it has been hacked>China blocks Signal - here’s what you need to know>Here’s our take on the best live chat software right now
Furthermore, the contact list, profile information, data on blocked contacts, and other information, can only be recovered with the Signal PIN, which the attackers couldn’t have taken.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“However in the case that an attacker was able to re-register an account, they could send and receive Signal messages from that phone number.” the company concluded.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats
