Home>Blog>The Hacker News Headlines>Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack
The Hacker News Headlines

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack

Signal Messenger Account

Popular end-to-end encrypted messaging service Signal on Monday
disclosed the cyberattack aimed at Twilio earlier this month may
have exposed the phone numbers of roughly 1,900 users.

“For about 1,900 users, an attacker could have attempted to
re-register their number to another device or learned that their
number was registered to Signal,” the company said[1]. “All users can rest
assured that their message history, contact lists, profile
information, whom they’d blocked, and other personal data remain
private and secure and were not affected.”

Signal, which uses Twilio to send SMS verification codes to
users registering with the app, said it’s in the process of
alerting the affected users directly and prompting them to
re-register the service on their devices.

CyberSecurity

The development comes less than a week after Twilio revealed[2]
that data associated with about 125 customer accounts were accessed
by malicious actors through a phishing attack that duped the
company’s employees into handing over their credentials. The breach
occurred on August 4.

In the case of Signal, the unknown threat actor is said to have
abused the access to explicitly search for three phone numbers,
followed by re-registering an account with the messaging platform
using one of those numbers, thereby enabling the party to send and
receive messages from that phone number.

As part of the advisory, the company has also urged users to
enable registration lock[3], an added security
measure that requires the Signal PIN in order to register a phone
number with the service.

CyberSecurity

Web infrastructure provider Cloudflare, which was also unsuccessfully targeted[4]
by the sophisticated phishing scam, said the use of physical
security keys issued to every employee helped it impede the
attack.

Phishing and other types of social engineering rely on the human
factor to be the weakest link in a breach. But the latest incident
also serves to highlight that third-party vendors pose as much a
risk to companies.

The development further underscores the dangers of relying on
phone numbers as unique identifiers, what with the technology
susceptible to SIM swapping[5]
that allows bad actors to carry out account takeover attacks and
illicit money transactions.

References

  1. ^
    said
    (support.signal.org)
  2. ^
    revealed
    (thehackernews.com)
  3. ^
    enable
    registration lock     (support.signal.org)
  4. ^
    unsuccessfully targeted
    (thehackernews.com)
  5. ^
    SIM
    swapping     (thehackernews.com)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.