Signal confirmed that some 1,900 users of its messaging app have been affected by the data breach resulting from the ‘phishing’ attack suffered by the communication service provider Twilio.
Twilio is an outside company that offers Signal a phone number verification service. Earlier this month, it reported unauthorized access to its systems following a “sophisticated” ‘phishing’ attack based on social engineering to steal the credentials of its employees.
The credentials gave the attackers access to Twilio’s internal systems and the information of some of its clients, among which is Signal, the company responsible for the homonymous application focused on user privacy.
Now Signal has confirmed the data breach, which affects some 1,900 users of its app, and which may lead to attackers try registering phone numbers on other devices to access accounts.
The company ensures that data such as search history, profile information, contact list or even blocked people, have not been affected by this security breach, as stated in a statement on its website.
From Signal they point out that the security incident has affected “a very small percentage” of app users, who have been contacted to re-register your phone number on their own devices and enable a registration block.