When it comes to privacy and security in messaging apps, Singal is the first name that comes to mind. The app has always insisted on its robust security protocols to protect users’ privacy and provide a safe platform for messaging. However, a data breach at a third-party partner has put Signal in a critical condition. Dates back to March, Signal also denied the news of a server hack. As per the company’s announcement, the data breach happened at Twilio as the verification partner. Also, TechCrunch reports that hackers used the information to identify Signal users or re-register their numbers to other devices. “For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio. 1,900 users is a very small percentage of Signal’s total users, meaning that most were not affected.” Signal said. Moreover, three phone numbers are targeted, and hackers could re-register one user’s account. Singal’s strategy to not to store the chat histories or contacts helped the company to keep other sensitive information safe.
Roughly 1,900 Signal users were affected by a data breach at Twilio
Of course, Signal says it’s taking some necessary steps to limit the damage scope. First, they unregistered the app on all devices linked to affected accounts and then forced users to re-register. Signal recommends its users enable a registration lock. Once the feature is enabled, you need to provide a PIN code anytime you want to re-register your account on another device. Back on August 8th, Twilio officially confirmed the data breach, saying attackers could gain access to the accounts of 125 customers. Twilio provides its services to many well-known businesses, and the name of other affected companies is still unknown. Signal is notifying the affected users via SMS. If your account is compromised, you may receive a message from Signal saying, “This is from Signal Messenger. We’re reaching out so you can protect your Signal account. Open Signal and register again. More info: https://signal.org/smshelp.”