Technology

Nearly 1900 Signal users: Here’s what happened

Phone numbers of nearly 1900 Signal users were exposed in a data breach, after Twilio, the company that provides Signal with phone number verification services, suffered a phishing attack. It should be noted that Signal, is a popular messaging platform that gained massive popularity in India after WhatsApp in January 2021 made changes to its privacy policy where it mentioned that it would share user data with Facebook, this update was later reversed.
“1,900 users are a very small percentage of Signal’s total users, meaning that most were not affected. We are notifying these users directly, and prompting them to re-reger Signal on their devices,” Signal said in a press statement. However, the company said that all users can be assured that “their message hory, contact ls, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected.”
What happened exactly?
An attacker gained access to Twilio’s customer support console via phishing. This means the attackers messaged a customer support executive with a link, which when clicked gave them access to Twilio’s customer support systems. It was possible for them to attempt to reger the phone numbers they accessed to another device using the SMS verification code.

For approximately 1,900 users, either their phone numbers were potentially revealed as being regered to a Signal account, or the SMS verification code used to reger with Signal was revealed. According to Signal, the attacker no longer has this access, and the attack has been shut down Twilio.
“Your contact ls, profile information, whom you’ve blocked, and more can only be recovered with your Signal PIN which was not (and could not be) accessed as part of this incident. However in the case that an attacker was able to re-reger an account, they could send and receive Signal messages from that phone number,” Signal said in a blog post.
Are you affected?
Signal is notifying all 1,900 potentially affected users directly via SMS. As of August 16, the company has already notified users and is requiring them to re-reger Signal with their phone numbers.
The SMS message that Signal is sending to the affected user reads: “This is from Signal Messenger. We’re reaching out so you can protect your Signal account. Open Signal and reger again. ” If you saw a banner when you opened Signal saying your device is no longer regered, you may have been impacted.
Staying safe
Users should enable regration lock for their Signal account. This includes using an optional regration lock with your Signal PIN, this adds an additional verification layer to the regration process. Here’s how you can do it:
#Go to Signal Settings (profile)
#Click on Account
#Set up ‘Regration Lock’
“We are in contact with Twilio and are actively working with them and other providers to improve their security practices. On the user side, we encourage users to enable regration lock,” Signal added.

Related Articles

Back to top button