Earlier this month, Twilio, a gateway that helps web platforms communicate over voice or SMS, suffered a data breach. Now, it has emerged that the Twilio data breach has affected users of Signal, the encrypted messaging platform.
Also Read | Xiaomi Smart TV 5A Pro 32 ‘budget’ smart Android TV launched in India for Rs 16,999: Details
Signal has announced that it alerted 1,900 users that their account details were potentially revealed to whoever hacked Twilio. The messaging platform said the attackers searched for three specific numbers during the time they hacked into Twilio.
So far, Signal said it had heard from one of the three users that the attackers used their access to Twilio to re-register a new device associated with the number — allowing them to receive and send messages from that account.
“Recently Twilio, the company that provides Signal with phone number verification services, suffered a phishing attack,” Signal said in a blog post. “All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected.”
“For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio. 1,900 users is a very small percentage of Signal’s total users, meaning that most were not affected.”
Also Read | Sony launches flagship Bravia XR 85X95K 4K Mini LED TV in India: Check price, full specs
However, if someone was among the users the data breach potentially revealed, and they didn’t use Signal’s Registration Lock setting that required their PIN to add a new device, an attacker could have re-registered their number.
“The kind of telecom attack suffered by Twilio is a vulnerability that Signal developed features like registration lock and Signal PINs to protect against. We strongly encourage users to enable registration lock. While we don’t have the ability to directly fix the issues affecting the telecom ecosystem, we will be working with Twilio and potentially other providers to tighten up their security where it matters for our users,” Signal said.
Also Read | Samsung Galaxy Z Fold 4 price in India starts at Rs 1,54,999; Galaxy Z Flip 4 at Rs 89,999: Details
The messaging platform is now sending messages to potentially affected users with a link to its support page. It was also unregistering all devices connected to those numbers.
