Security News > 2022 > August > Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack
2022-08-16 05:42

Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users.

"For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company said.

Signal, which uses Twilio to send SMS verification codes to users registering with the app, said it's in the process of alerting the affected users directly and prompting them to re-register the service on their devices.

The development comes less than a week after Twilio revealed that data associated with about 125 customer accounts were accessed by malicious actors through a phishing attack that duped the company's employees into handing over their credentials.

In the case of Signal, the unknown threat actor is said to have abused the access to explicitly search for three phone numbers, followed by re-registering an account with the messaging platform using one of those numbers, thereby enabling the party to send and receive messages from that phone number.

As part of the advisory, the company has also urged users to enable registration lock, an added security measure that requires the Signal PIN in order to register a phone number with the service.


News URL

https://thehackernews.com/2022/08/nearly-1900-signal-messenger-accounts.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Signal 3 1 7 5 1 14