Signal alerts 1,900 users about security breach from Twilio hackers : The Tribune India

Signal alerts 1,900 users about security breach from Twilio hackers

‘We are notifying these users directly and prompting them to re-register Signal on their devices’, company said

Signal alerts 1,900 users about security breach from Twilio hackers

Photo used for representational purpose only. iStock

IANS

San Francisco, August 16

As part of the breach at communications giant Twilio, end-to-end encrypted messaging app Signal said that hackers accessed the phone numbers and SMS verification codes of 1,900 users.

The US-based Cloud communications company, which provides Signal with phone number verification services, notified the messaging platform that they had suffered a phishing attack, therefore, it investigated the incident.

"For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio," Signal said in a blogpost.

The company said that 1,900 users are a very small percentage of Signal's total users, meaning that most were unaffected.

"We are notifying these 1,900 users directly and prompting them to re-register Signal on their devices," the company said.

Among the 1,900 phone numbers, the attacker explicitly searched for three numbers, and Signal received a report from one of those three users that their account was re-registered.

Importantly, this did not give the attacker access to any message history, profile information, or contact lists.

"We are in contact with Twilio, and are actively working with them and other providers to improve their security practices. On the user side, we encourage users to enable registration lock," the platform said.

Twilio, which owns popular two-factor authentication (2FA) Authy, said over the weekend that on August 4, it became aware of unauthorised access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

 

Tribune Shorts


Top News

Indonesia police say 129 people killed after stampede at soccer match

129 killed, 180 injured in riot, stampede at football match in Indonesia

Video footage from local news channels show fans streaming o...

Gangster Deepak Tinu involved in Sidhu Moosewala's killing escapes from Mansa CIA custody

Gangster Deepak Tinu involved in Sidhu Moosewala's killing escapes from Mansa CIA custody

Deepak Tinu is a close aide of jailed gangster Lawrence Bish...

4 killed, 1 seriously injured in car accident near Sonadhar in Shimla

4 killed, 1 seriously injured in car accident near Sonadhar in Shimla

Car occupants were on their way to Karewath from Theog when ...

We pledge to unite India like Mahatma Gandhi united country against injustice: Rahul

We pledge to unite India like Mahatma Gandhi united country against injustice: Rahul

Congress leaders pay homage to the Father of the Nation on h...

Punjab Govt may hike cane SAP by Rs 20-30/quintal

Punjab Govt may hike cane SAP by Rs 20-30 per quintal

Crushing season to begin in Nov | Private mills oppose move,...


Cities

View All