16 Aug, 2022

Hackers managed to access the phone numbers and SMS verification codes for almost 2,000 users of the end-to-end encrypted messaging app Signal as part of the breach at communications giant Twilio last week.

Twilio, which provides phone number verification services to Signal, said that the data of 125 customers was accessed after a successful phishing attack on multiple employees. Signal confirmed that it was one of the victims.

Signal said that it would notify the users whose phone numbers or SMS verification codes were stolen, as hackers could have attempted to re-register their number to another device or learned that their number was registered to Signal.

Among the 1,900 phone numbers, the attacker explicitly searched for three numbers, and we’ve received a report from one of those three users that their account was re-registered.

Hackers cannot gain access to message history, which Signal doesn’t store, or to contact lists and profile information, which are protected by the user’s security PIN, but they could well send and receive Signal messages from that phone number if the account was re-registered.

Signal will unregister the affected users on all their devices and will require them to re-register Signal with their phone number on their preferred device.

To protect your account from being re-registered, the company advises users to switch on registration lock, a feature that prevents re-registration without the user’s security PIN.