Technology

Several Signal app users’ phone number accessed by hacker after phishing attack

Several Signal app users’ phone number accessed by hacker after phishing attack

Several Signal app users’ phone number accessed by hacker after phishing attack | Photo Credit: REUTERS

The messaging app service Signal said on Monday a phishing attack against its SMS verification partner Twilio meant hackers had accessed phone numbers and registration codes of 1,900 Signal users.

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

In a series of tweets today and a blog post, Signal assured users that message history, contact lists, profile information, and blocked user data had not been exposed by the attack. Furthermore, the message company confirmed that Twilio shut down the attack. 

The information that the hacker accessed would allow them to register the phone numbers on a new device, if the users had not enabled the ‘lock registration’ feature. Signal noted that the hacker specifically searched for three phone numbers, and that one account was re-registered.

“For all 1,900 of the users potentially affected, we will unregister Signal on all devices that the user is currently using (or, that an attacker registered them to) and require them to re-register Signal with their phone number on their preferred device,” stated Signal’s blog post.

Signal also added that it was working with Twilio and other service providers to ensure that their security standards were adequate.

“1,900 users is a very small percentage of Signal’s total users, meaning that most were not affected,” Signal added.

Users have criticised Signal for requiring a phone number which it then authenticates, as more subscribers push for a messaging service based on usernames.


Our code of editorial values

Related Topics
  1. Comments will be moderated by The Hindu editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.

Printable version | Aug 17, 2022 2:51:13 pm | https://www.thehindu.com/sci-tech/technology/signal-twilio-whatsapp-phishing-attack-hack-users-privacy/article65774116.ece