1900 Signal Users Notified of Information Breach
- By Bree Ann Russ
- Aug 17, 2022
Twilio, the company that provides Signal with its phone number verification services recently suffered a phishing attack. During that attack, hackers had access to various company accounts at the corporate level. Several other companies were part of the attack, including Signal.
Twilio is an app that helps facilitate communication over SMS or voice. They suffered a data breach on August 4, 2022. Signal app user accounts may have been compromised during that hack. 1900 users of Signal received notification their account may have been part of that phishing attack.
Here is a list of what users should know:
Hackers looked for three specific telephone numbers during the attack on Twilio's database. Following the attack, one out of the three people who owned the numbers the hackers were looking at reaching out to Signal. They disclosed that the hackers changed their telephone number, which means the hackers could re-register a brand-new device and begin sending messages.
Signal says that all messages and contact information were encrypted and secure during the attack. It was also confirmed that the security breach did not affect contact lists, profile information, and blocked users. However, attackers could still access the full account if they knew the original user’s PIN.
Signal is currently taking several steps to protect users in the wake of the breach. One thing they are doing is sending messages with information about the breach to potentially affected accounts. They are also unregistering all devices related to those accounts, and once they have done this, users will need to re-register to regain access to their accounts.
About 1,900 users' phone numbers could have been re-registered to another device during or following the cyber attack. The attack was quickly shut down and was not a threat to the majority of Signal users.
Signal is notifying the 1,900 affected users directly, telling them to re-register for their Signal account.
Users are being told that if they have problems connecting their Signal account with the app, open the app and try to link it again in the app. Plus, users can protect their accounts from attackers if they enable registration lock in the app's settings.