Communication apps Seucre Signal told nearly 2,000 customers that they may have been targeted by a recent cyberattack.
The message is linked to the recent Twilio hack after the cybercriminal successfully phased out login credentials from a number of his employees.
During this time, it may or may not access the phone numbers of Signal’s 1,900 users as Twilio provides Signal phone number verification services.
Message history is safe
At the time of the hack, Signal said in its warning that having access to these phone numbers meant they could re-register Signal on their endpoints, essentially stealing the identity of victims on the platform.
Twilio has since closed the attack, confirmed by Signal, and added that 1,900 users accounted for a “very small percentage” of all users, meaning most were not affected. However, those who were affected did receive a warning from the company to re-register the app on their devices to be sure.
“All users can be sure that their message history, contact lists, profile information, who they have blocked and other personal information remain private and secure and have not been compromised,” the company confirmed. The message history is only stored on the device, Signal said, adding that the company doesn’t keep any copies. To access the message history, attackers would need physical access to human devices.
Moreover, the contact list, profile information, data of blocked contacts and other information can only be recovered by using a PIN signal, which the attackers could not get hold of.
“However, in the event that the attacker was able to re-register the account, he could send and receive Signal messages from that phone number.” the company has finished.
By: A hissing computer (opens in a new tab)