Signal Fears Phishing Attackers May Have Accessed Phone Numbers of 1,900 Users

Signal said the attackers could have accessed the SMS verification code used to register with the app.

By Reuters | Updated: 16 August 2022 11:07 IST

Signal Fears Phishing Attackers May Have Accessed Phone Numbers of 1,900 Users

Signal said the phone numbers of 1,900 users could have been revealed

Highlights

Twilio disclosed the attack earlier this month
China recently became a target of a phishing attack
The hacker with the username "XJP" posted an offer to sell the data

Encrypted messaging service Signal said the phone numbers of 1,900 users could have been revealed in a phishing attack on Twilio Inc, its verification services provider, earlier this month.

The attacker could also have accessed the SMS verification code used to register with Signal, but message history, profile information and contact lists were not revealed, the company said in a blog post on Monday.

"An attacker could have attempted to re-register number to another device or learned that their number was registered to Signal," it said.

Samsung Wins Patent for a Tri-Fold Smartphone With Specialised Barrier Layer for Improved Durability

Twilio, which disclosed the attack earlier this month, said it has been working together with Signal to help their investigation.

The San Francisco, California-based company counts over 256,000 businesses, including Ford Motor, Mercado Libre, and HSBC, among its customers.

China recently became a target of a phishing attack when a hacker claimed to have obtained the personal information of 48.5 million users of a COVID health mobile app run by the city of Shanghai. This is the second claim of a breach of the Chinese financial hub's data in just over a month.

Signal Gets New Chat Migration Feature in Latest Beta: Report

The hacker with the username "XJP" posted an offer to sell the data for $4,000 (roughly Rs. 3,20,000) on the hacker forum Breach Forums last week.

The person provided a sample of the data including the phone numbers, names, Chinese identification numbers, and health code status of 47 people.

Eleven of the 47 reached by Reuters confirmed they were listed in the sample, though two said their identification numbers were wrong. Reuters was unable to further verify the authenticity of the hacker's claim.

© Thomson Reuters 2022

What should you make of Realme's three new offerings? We discuss them on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.