Recently @twilio, which provides SMS verification services for Signal, suffered a phishing attack. Via Twilio, attackers may have accessed phone numbers & SMS registration codes for 1,900 Signal users. 1/
Message history, profile info, contact lists, & other data were NOT & could not be accessed. The information attackers accessed could allow them to attempt to register a Signal userโs phone number on a new device if that user had not enabled registration lock. 2/
We have identified and are contacting the 1,900 potentially affected users. We are prompting them to re-register their Signal numbers and encouraging them to enable registration lock. We are also working with Twilio to ensure they upgrade their security practices. 3/
We have published more information here: signal.org 4/
Signal's commitment to your privacy โto building a product that protects your information from third parties including Signalโis what ensured that message history, profile info, contact lists, and other data were not vulnerable in this incident. FIN
Our registration lock function protects against these kinds of attacks.
Enable registration lock by going into your Settings >> Account >> Registration Lock.
#manage_registration_lock" target="_blank" rel="noopener" onclick="event.stopPropagation()">support.signal.org
Enable registration lock by going into your Settings >> Account >> Registration Lock.
#manage_registration_lock" target="_blank" rel="noopener" onclick="event.stopPropagation()">support.signal.org
Loading suggestions...