San Francisco, Aug 16 : As part of the breach at the communications giant Twilio the End-to-end encrypted messaging app Signal reported that hackers gained access to the SMS verification numbers and phone numbers of 1900 customers.
The American-based Cloud communications firm, which offers Signal with phone number verification, informed the platform for messaging that they’d been hit by an attack that was phishing it began investigating the incident.
“For around 1,900 users, an attacker could have tried to register their number on another device or discovered the number had been registered with Signal.This attack was later stopped by Twilio,” Signal said in a blog post.
The company stated that 1,900 users comprise just a small fraction of Signal’s overall users, which means that the majority of users were unaffected.
“We are informing the 1,900 users directly and asking them to register again with Signal to their devices,” the company stated.
Of the 1,900 phone numbers, hackers specifically looked for three numbers and Signal received a message from one of the three users that their account was registered.
Importantly, this didn’t give the attacker access any history of messages or profile information, nor contacts lists.
“We are in contact with Twilio and we are actively in collaboration with Twilio and other service providers to enhance their security practices.On the user’s end we urge users to activate registration locks,” the platform said.
Twilio is the owner of well-known two-factor authentication (2FA) Authy, said over the weekend that on August 4, it was made aware of unauthorised access to data that was associated with a small amount of Twilio customers’ accounts.It was the result of an elaborate social engineering attack that was designed to steal credentials from employees.
vc/
