Phishing attack exposes Signal users

1,900 users of Signal affected
17 August 2022
Image by Pete Linforth from Pixabay

Around  1,900 users of Signal, the encrypted messaging app, may have had their phone numbers or text verification codes accessed by hackers. 

The breach was part of a phishing attack on the communications company, Twilio, which provides Signal’s SMS verification service.

In a Twitter thread and support document, Signal states that a recent successful (and deeply resourced) phishing attack on Twilio allowed access to the phone numbers linked with 1,900 users. 

According to Signal no other data could be accessed. This is mainly due to Signal's design. Message history is stored entirely on user devices. Contact and block lists, profile details, and other user data require a Signal PIN to access. 

Signal is asking users to enable registration lock, which prevents Signal access on new devices until the user's PIN is correctly entered.

- CyberBeat

About CyberBeat

CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.

Contact CyberBeat

If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us

Terms & Policies >>


We couldn't do this without the support of our sponsors and contributors.