Earlier this month online messaging gateway Twilio disclosed that it had suffered a data breach, with the incident confirming that a small amount of customer data was compromised.
As it turns out, the size of the breach may have been undersold as messaging platform Signal has had to issue an alert to its users that the phone numbers of roughly 1 900 users may be in the hands of hackers following the Twilio incident.
For context, Signal makes use of Twilio as a verification partner, which is why user details from the former would exist in the latter’s database.
“All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected,” the messaging platform tried to reassure users in a support page post.
“For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio. 1,900 users is a very small percentage of Signal’s total users, meaning that most were not affected,” it added.
The company is now in the process of contacting the aforementioned 1 900 users and advising them to re-register Signal on their devices. Should they receive an SMS message from the company linking to the support page regarding this incident, the following steps should be taken:
- “Open Signal on your phone and register your Signal account again if the app prompts you to do so.
- To best protect your account, we strongly recommend that you enable registration lock in the app’s Settings. We created this feature to protect users against threats like the Twilio attack.”
With Signal being billed as one of the more secure messaging platforms from a privacy and encryption perspective, this newly detailed incident may dent a bit of user confidence. That said, they appear to be acting swiftly to fix things.
