Signal Says 1,900 Accounts Were Compromised in Twilio Breach, Attackers Searched for Numbers
Trump lawyers launched major effort to breach voting equipment, Microsoft scuttled Russian state-sponsored hacking operation, Americans sue Pompeo for eavesdropping during Assange visits, much more
End-to-end encrypted messaging app Signal says attackers accessed the phone numbers and SMS verification codes for almost 2,000 users as part of the breach at communications giant Twilio last week, during which a malicious actor accessed 125 of its customers’ data.
Signal said it would notify about 1,900 users whose phone numbers or SMS verification codes were stolen when attackers gained access to Twilio’s customer support console. Among the 1,900 phone numbers, the attacker explicitly searched for three numbers. Signal said it received a report from one of those three users that their account was re-registered to send and receive messages on that account. The incident will likely reignite calls that Signal cease its reliance on phone numbers. (Carly Page / TechCrunch)
Related: Signal, The Tech Outlook, Bleeping Computer, PCMag.com, iTnews - Security, The Verge, Gizmodo, Mobile Syrup, Ars Technica, Cyber Kendra, Silicon Republic, TechCentral, PhoneArena, CyberNews, Help Net Security
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.