Twilio Hack Affected 1,900 Phone Numbers Of Signal Users

Messaging app Signal states that roughly 1,900 phone numbers may have been compromised in a recent hack of Twilio. 

Signal warns that “an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal.”

However, it states that users’ “message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected.”

Twilio, which provides SMS verification services for Signal, reported the attack earlier this month. 

The firm became aware of unauthorized access to information on a “limited number” of customer accounts last Thursday, August 4, Twilio says in a blog post.

Current and former employees received text messages purporting to be from Twilio’s IT department. 

“Typical text bodies suggested that the employee's passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls,” the company states.  

Twilio worked with U.S. carrier networks and hosting providers to shut down these actors. 

Signal adds that it is notifying the 1,900 users directly, and prompting them to re-register Signal on their devices. 

“This attack has since been shut down by Twilio,” it says. “1900 users is a small percentage of Signal’s total users, meaning that most were not affected.”

 

 
