Signal says hundreds of users may have been hit in phishing attack

Seucre messaging apps Signal has told almost 2,000 customers they might have been the targets of a recent cyberattack.

The news is linked to the recent breach at Twilio after a threat actor successfully phished login data from a number of its employees. 

During that time, it may, or may not have, gotten access to the phone numbers of 1,900 Signal users, as Twilio provides Signal with phone number verification services. 

Message history secure

At the time of the hack, Signal said in its warning, that having access to those phone numbers means they could have re-registered Signal to their endpoints, essentially stealing the victims’ identities on the platform. 

Twilio has since shut the attack down, Signal confirmed, and added that 1,900 users is a “very small percentage” of total users, meaning most were not affected. Those that have been affected, however, have gotten a warning from the company to re-register the app on their devices, just to make sure.

“All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected,” the company confirmed. Message history is stored only on the device, Signal said, adding that the company doesn’t keep any copies. In order to access the message history, the attackers would need physical access to people’s devices. 

Furthermore, the contact list, profile information, data on blocked contacts, and other information, can only be recovered with the Signal PIN, which the attackers couldn’t have taken.

“However in the case that an attacker was able to re-register an account, they could send and receive Signal messages from that phone number.” the company concluded.

Via: BleepingComputer