"Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack"
The popular end-to-end encrypted messaging service Signal revealed on that the cyberattack on Twilio earlier this month may have exposed the phone numbers of approximately 1,900 users. An attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. The company stated that all users can be confident that their message history, contact lists, profile information, blocked contacts, and other personal data remain private and secure and have not been compromised. Signal, which uses Twilio to send SMS verification codes to app users, said it is in the process of notifying affected users and prompting them to re-register the service on their devices. The news comes less than a week after Twilio revealed that malicious actors gained access to data associated with nearly 125 customer accounts via a phishing attack that tricked the company's employees into handing over their credentials. In the case of Signal, the unidentified threat actor is alleged to have abused the access to specifically search for three phone numbers, after which they are said to have re-registered an account with the messaging service using one of those numbers, allowing them to send and receive messages from that phone number. The company has also advised users to enable registration lock, an added security measure that requires the Signal PIN in order to register a phone number with the service. This article continues to discuss the compromise of 1,900 Signal accounts in the Twilio attack.
THN reports "Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack"