Messaging platform Signal was a huge beneficiary of rival WhatsApp’s woes early last year. When the Facebook-owned chat application introduced new terms in January 2021, it prompted a backlash from customers who started moving to rival free-to-use encrypted messaging apps such as Signal and Telegram.
Indeed, Signal and Telegram are generally regarded as more secure messaging services with greater privacy protections, even though every WhatsApp message is in fact protected by the same Signal encryption protocol.
However, this is after all the Internet, and it appears few services can remain entirely immune to some sort of privacy breach or attack.
Signal itself is facing such a moment. Recently Twilio, the company that provides Signal with phone number verification services, suffered a phishing attack.
Essentially, someone gained access to Twilio’s customer support console via phishing – an attack that also affected around 1,900 Signal users.
According to Signal’s own investigations, either the phone numbers or SMS verification codes of these users were potentially revealed. The company said it is notifying all 1,900 potentially affected users directly via SMS and will also require those customers to re-register with Signal.
The messaging service insists that users’ private data and information "remain private and secure and were not affected".
"Signal is designed to keep your data in your hands rather than ours," it said.
"And this information certainly is not available to Twilio, or via the access temporarily gained by Twilio’s attackers."
However, it warns that in the case that an attacker was able to re-register an account during the time that the Twilio attack was active, they could send and receive messages from that phone number on Signal.
Users are now being encouraged to enable registration lock for their Signal account to gain additional protection. In the meantime, Signal says it is "actively working" with Twilio and other providers to improve their security practices.
- WhatsApp under fire in EU over consumer rights
- Twilio targets 'consistent' profitability from 2023
- Twilio pays $3.2B for data platform Segment
— Anne Morris, contributing editor, special to Light Reading