Signal alerts 1,900 users about security breach from Twilio hackers


San Francisco, Aug 16 (IANS): As part of the breach at communications giant Twilio, end-to-end encrypted messaging app Signal said that hackers accessed the phone numbers and SMS verification codes of 1,900 users.

The US-based Cloud communications company, which provides Signal with phone number verification services, notified the messaging platform that they had suffered a phishing attack, therefore, it investigated the incident.

"For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio," Signal said in a blogpost.

The company said that 1,900 users are a very small percentage of Signal's total users, meaning that most were unaffected.

"We are notifying these 1,900 users directly and prompting them to re-register Signal on their devices," the company said.

Among the 1,900 phone numbers, the attacker explicitly searched for three numbers, and Signal received a report from one of those three users that their account was re-registered.

Importantly, this did not give the attacker access to any message history, profile information, or contact lists.

"We are in contact with Twilio, and are actively working with them and other providers to improve their security practices. On the user side, we encourage users to enable registration lock," the platform said.

Twilio, which owns popular two-factor authentication (2FA) Authy, said over the weekend that on August 4, it became aware of unauthorised access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

  

Top Stories


Leave a Comment

Title: Signal alerts 1,900 users about security breach from Twilio hackers



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.