Signal is the collateral victim of the vast phishing attack carried out recently against Twilio. The data stolen from this Signal partner affected nearly 2,000 secure messaging users.
Twilio is a company unknown to the general public, yet it is an essential link for Signal: it is indeed the company that provides a telephone number verification service when you register for instant messaging. Unfortunately, a phishing attack a few days ago allowed hackers to obtain credentials.
A proxy attack
In detail, the very sophisticated attack affected Twilio employees, invited by the company’s (fake) IT department to log back into their account by following a fraudulent link. With the help of these credentials, hackers were able to attack Signal users.
The courier service communicated publicly on the subject. First by warning 1,900 users: a hacker was able to try to re-register the number on another device or learn that the number was registered on Signal. On the other hand, other data was not affected (message history, contact lists, profile information, blocked contacts and other personal data), because it is stored on the device and not on Signal’s servers.
The messaging states that the hacker explicitly sought to obtain three numbers, one of them having been re-registered by the hacker: the latter was therefore able to receive and send messages from the victim’s account. Directly affected users will need to re-register in Signal if the app asks for it, then enable the Record Blocking feature in Settings (something all users should do to be on the safe side). This option was designed specifically for such threats.
Bitdefender Plus Antivirus