Security News > 2022 > August > Twilio hack exposed Signal phone numbers of 1,900 users
Phone numbers of close to 1,900 Signal users were exposed in the data breach Twilio cloud communications company suffered at the beginning of the month.
Twilio provides phone number verification services for Signal and last week disclosed that an attacker hacked its network on August 4.
For about 1,900 Signal users their phone numbers were potentially exposed to the Twilio attacker, who could have attempted to register them to another device.
"During the window when an attacker had access to Twilio's customer support systems it was possible for them to attempt to register the phone numbers they accessed to another device using the SMS verification code. The attacker no longer has this access, and the attack has been shut down by Twilio" - Signal.
Impacted users should receive a message reading: "This is from Signal Messenger. We're reaching out so you can protect your Signal account. Open Signal and register again. More info: https://signal.org/smshelp."
Signal encourages users to turn on the registration lock option, which allows recovering the profile, settings, contacts, and blocked users.