Messenger Signal told about the leakage of numbers and confirmation codes of 1.9 thousand users. This happened due to a phishing attack on the Twilio database, which checks numbers. The attackers gained access to the data of 125 of her company clients, including Signal, but did not disclose this data.
According to Signal, message history, contact lists, user profile information remain private. However, the attackers can re-register the numbers of 1.9 thousand users on third-party devices and conduct correspondence on behalf of the account holders. The administration of the messenger sent warnings to those affected by the attack.
“Importantly, this did not give the attacker access to any message history, profile information, or contact lists,” according to the Signal support site. - Message history is only stored on your device and Signal does not store a copy of it. Your contact lists, profile information, who you have blocked, and more can only be recovered using a Signal PIN, which was not (and could not be) accessed as part of this incident. However, if the attacker was able to re-register the account, they could send and receive Signal messages from that phone number."
Signal messenger is considered one of the most secure and confidential communication programs with end-to-end encryption. It does not collect user information and does not share any data with third parties. In 2020, it was reported that the Israeli company Cellebrite was able to hack the messenger, but later it turned out that this was a fake.