Security News > 2022 > August > 1,900 Signal users exposed: Twilio attacker 'explicitly' looked for certain numbers

Signal - considered one of the better secured of all the encrypted messaging apps - claims the attacker would not have been able to access the message history, contact lists, profile information, or other personal data associated with these user accounts.

According to Signal's security note, when Twilio was hit by a phishing attack earlier this month, this may potentially have led to the phone number of 1,900 Signal users being revealed as registered to a specific Signal account.

Intriguingly, Signal states that the attacker explicitly searched for three phone numbers among the 1,900 accessed, and the organization has since received a report from one of those three users that their account was indeed re-registered.

In this case, where an attacker was able to re-register an account, they would then be able to send and receive Signal messages from that phone number, Signal confirmed.

We asked Signal if there was any explanation as to why the attacker should target these three specific users, and we will update the story if we get a response.

Signal said that its vulnerability to the Twilio attackers was one it has already sought to address through features such as registration lock and the Signal PIN. Registration lock prevents anyone from registering a user's phone number onto a new phone unless they have the PIN associated with that account.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/16/twilio_breach_fallout_signal_user/