Some Signal users hit by Twilio data breach

The phone numbers of around 1,900 Signal users were potentially revealed following a phishing attack at Twilio.

Anne Morris, Contributing Editor, Light Reading

August 16, 2022

2 Min Read
Some Signal users hit by Twilio data breach

Messaging platform Signal was a huge beneficiary of rival WhatsApp’s woes early last year. When the Facebook-owned chat application introduced new terms in January 2021, it prompted a backlash from customers who started moving to rival free-to-use encrypted messaging apps such as Signal and Telegram.

Indeed, Signal and Telegram are generally regarded as more secure messaging services with greater privacy protections, even though every WhatsApp message is in fact protected by the same Signal encryption protocol.

However, this is after all the Internet, and it appears few services can remain entirely immune to some sort of privacy breach or attack.

Figure 1: The phone numbers of around 1,900 Signal users were potentially revealed following a phishing attack at Twilio. (Source: Peter Kovač / Alamy Stock Photo) The phone numbers of around 1,900 Signal users were potentially revealed following a phishing attack at Twilio.
(Source: Peter Kováč / Alamy Stock Photo)

Signal itself is facing such a moment. Recently Twilio, the company that provides Signal with phone number verification services, suffered a phishing attack.

Essentially, someone gained access to Twilio’s customer support console via phishing – an attack that also affected around 1,900 Signal users.

Insecure line

According to Signal’s own investigations, either the phone numbers or SMS verification codes of these users were potentially revealed. The company said it is notifying all 1,900 potentially affected users directly via SMS and will also require those customers to re-register with Signal.

The messaging service insists that users’ private data and information "remain private and secure and were not affected".

"Signal is designed to keep your data in your hands rather than ours," it said.

Want to know more about security? Check out our dedicated security channel here on
Light Reading.

"And this information certainly is not available to Twilio, or via the access temporarily gained by Twilio’s attackers."

However, it warns that in the case that an attacker was able to re-register an account during the time that the Twilio attack was active, they could send and receive messages from that phone number on Signal.

Users are now being encouraged to enable registration lock for their Signal account to gain additional protection. In the meantime, Signal says it is "actively working" with Twilio and other providers to improve their security practices.

Related posts:

— Anne Morris, contributing editor, special to Light Reading

About the Author(s)

Anne Morris

Anne Morris

Contributing Editor, Light Reading

Anne Morris is a freelance journalist, editor and translator. She has been working in the telecommunications sector since 1996, when she joined the London-based team of Communications Week International as copy editor. Over the years she held the editor position at Total Telecom Online and Total Tele-com Magazine, eventually leaving to go freelance in 2010. Now living in France, she writes for a number of titles and also provides research work for analyst companies.

See more from Anne Morris
Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.
Sign me up

You May Also Like

Latest News

rocket ship turbo boost
Customer Experience
AT&T to offer 'Turbo' boost for $7/month
AT&T to offer 'Turbo' boost for $7/month

May 1, 2024

ock em Sock em Robots classic game by Mattel with boxing gloves in background
Video Streaming
Fubo's fight with Warner Bros. Discovery intensifies
Fubo's fight with Warner Bros. Discovery intensifies

May 1, 2024

Gold colored fiber optic illustration
FTTX
Lumen considers 'all possible arrangements' for fiber biz
Lumen considers 'all possible arrangements' for fiber biz

May 1, 2024

Money printing machine printing 100 dollar banknotes.
Cable Technology
Comcast and Charter represented nearly half of Harmonic's take in Q1
Comcast and Charter represented nearly half of Harmonic's take in Q1

May 1, 2024

Upcoming Webinars
More Webinars

Popular whitepapers in 5G

thumbnail
Sponsored Content
5G Orchestration and Service Assurance: 2024 Heavy Reading Survey5G Orchestration and Service Assurance: 2024 Heavy Reading Survey
Apr 26, 2024
1 Min Read
thumbnail
5G
Operator transitions to 5G SA core decline YoY in 2023 – Counterpoint ResearchOperator transitions to 5G SA core decline YoY in 2023 – Counterpoint Research
Feb 29, 2024
3 Min Read
thumbnail
5G
5G Network Strategies Operator Survey: Powering 5G SA Networks5G Network Strategies Operator Survey: Powering 5G SA Networks
Feb 23, 2024
1 Min Read
May 21 - May 23, 2024
Join us for an immersive experience where the future of North American telecom industry unfolds in 2024.
LEARN MORE

Featured Videos

Optical Networking
Demo: Explore the Value of Multi-Vendor Interoperability in Transport Technology with OIF and Juniper
Demo: Explore the Value of Multi-Vendor Interoperability in Transport Technology with OIF and Juniper
Sponsored Content
Heavy Reading analysts get ready for Network X Americas
Heavy Reading analysts get ready for Network X Americas
5G
Partner Content - How China Broadnet Built Its 5G Core Network – And How It’s Approaching 5.5G Core Network
Partner Content - How China Broadnet Built Its 5G Core Network – And How It’s Approaching 5.5G Core Network