Phone numbers of 1,900 Signal users exposed During a phishing attack by Twilio, a company that provides a number verification service for the messaging app. The incident took place in early August and was confirmed by the platform on Monday (15).
The leak has started Twilio network hack, after it compromised the accounts of some company employees. From there, malicious agents gained access to the data of 125 of the firm’s customers, including the encrypted messaging service.
According to Signal, cybercriminals only had access to phone numbers and SMS verification codes associated with them, used to confirm registration in the application. In this way, attackers could have taken advantage of the leaked information to try to register the affected accounts on other devices.
All users whose numbers have been compromised are notified. According to the company, they will need to re-register their phones with the platform and will need to seek advice. enable log lock in app settingsMaintaining the profile of threats created by Attack on Twilio.
Messages could not be accessed
Inappropriate access to message history, profile information and contact lists did not occur during the malicious action, according to Signal. The platform pointed out that it does not only have copies of the conversations stored on the user’s device.
As for the details of profiles, contact lists and blocked contacts, among other data, these are just Signal PINAccording to the company, it has not been compromised by cybercriminals.
Twilio said it has taken all measures to contain the data leak and continues to investigate the incident.
Source: Tec Mundo
