1,900 Signal users exposed following Twilio breach
The attacker behind the recent Twilio data breach may have accessed phone numbers and SMS registration codes for 1,900 users of the popular secure messaging app Signal.
"Among the 1,900 phone numbers, the attacker explicitly searched for three numbers, and we've received a report from one of those three users that their account was re-registered," the Signal team shared on Monday.
Twilio provides phone number verification services for Signal.
This allowed the attacker to gather either the phone numbers of 1,900 registered Signal users or the SMS verification code they used to register with Signal.
Signal is notifying potentially affected users of this breach directly via SMS. The company has unregistered Signal on all devices that these 1,900 users are currently using and is asking them to re-register Signal with their phone number on their preferred device.
"The kind of telecom attack suffered by Twilio is a vulnerability that Signal developed features like registration lock and Signal PINs to protect against. We strongly encourage users to enable registration lock. While we don't have the ability to directly fix the issues affecting the telecom ecosystem, we will be working with Twilio and potentially other providers to tighten up their security where it matters for our users," the team concluded.
News URL
https://www.helpnetsecurity.com/2022/08/16/signal-twilio-breach/