Identity, Breach

Twilio breach compromises nearly 1.9K Signal users’ numbers

TechCrunch reports that approximately 1,900 users of end-to-end encrypted messaging app Signal had their phone numbers and SMS verification codes compromised as a result of last week's Twilio data breach. Access to the customer support console of Twilio enabled threat actors to steal Signal users' numbers and verification codes, according to Signal. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. Among the 1,900 phone numbers, the attacker explicitly searched for three numbers, and we've received a report from one of those three users that their account was re-registered," Signal added. Signal said that it will be requiring repeat registrations for users impacted users, which have also been urged to activate the registration lock feature to curb re-registrations without the user's PIN. The incident is expected to further advance calls for Signal to end its dependence on phone numbers for account registration.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.