Identity

The Intercept warns of compromised Signal tipline username

The Signal app icon on a smartphone.

As noted by Cyber Insider, The Intercept has alerted the public to a security breach involving its official Signal tipline username. An impersonator gained control of the username, posing as the investigative news outlet and potentially jeopardizing confidential sources who attempted to submit sensitive information.

An analysis by Dr. Martin Shelton of the Freedom of the Press Foundation suggests several ways the Signal username could have been compromised. The impersonator reportedly began soliciting tips as early as February 2026, actively promoting the compromised username across social media and responding to lawmakers and federal officials approximately 100 times between April and May. During this period, the fraudulent username remained listed on The Intercept's public tip page, increasing the risk of sources unknowingly contacting the impersonator. The Intercept publicly acknowledged the issue on June 30, updating its contact information and instructing users to avoid the previous username, TheIntercept.01.

Possible causes for the compromise include Signal accounts becoming inactive and their usernames being released for reuse after about 120 days, or a change in username making the previous one available. SIM-swapping attacks are also a less common possibility. The Freedom of the Press Foundation recommends keeping Signal accounts active, avoiding frequent username changes, securing accounts against SIM-swapping, and enabling Signal's Registration Lock and PIN protection to mitigate future risks.

Source: Cyber Insider

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds