Signal has been the victim of a cyber attack which has exposed personal data of up to 1,900 of its users. The instant messaging application, known for offering a more private and secure alternative to WhatsAppconfirmed this Monday on his Twitter account.
Signal works with Twilio, an external company that performs a verification service for the phone numbers associated with the app through SMS messages. In early August, this company fell victim to a “sophisticated” computer assault which allowed attackers to penetrate their systems and gain control of sensitive customer data, including some Signal users. This was achieved by the method ‘phishing‘, which spoofed the identity of Twilio employees to gain access to the system.
The application, recommended by the former CIA analyst Edward Snowden For your security, you have now explained that this attack has compromised the data of 1,900 users, a small proportion of the more than 40 million users that Signal has worldwide. “All users can rest assured that their message history, contact lists, profile information, who they have blocked, and other personal data remain private and secure and have not been affected,” they said in a statement.
What to do if you have Signal?
Thus, the information stolen by the attackers could allow them to try to register the number of telephone of a Signal user on a new device. This could happen in those accounts that did not have the registry lock activated. In this case, the attackers would not have access to the messages prior to the installation of the app, although they could use the account to impersonate the identity of the victim.
That is why the non-profit company has asked its users to activate the registry lock, a function that reinforces the security of the account by asking for the PIN to re-register the phone number. To do so, users can go to the app, settings, privacy, and then turn on that registration lock.