TechCrunch reports that approximately 1,900 users of end-to-end encrypted messaging app Signal had their phone numbers and SMS verification codes compromised as a result of last week's Twilio data breach.
Access to the customer support console of Twilio enabled threat actors to steal Signal users' numbers and verification codes, according to Signal.
"For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. Among the 1,900 phone numbers, the attacker explicitly searched for three numbers, and we've received a report from one of those three users that their account was re-registered," Signal added.
Signal said that it will be requiring repeat registrations for users impacted users, which have also been urged to activate the registration lock feature to curb re-registrations without the user's PIN. The incident is expected to further advance calls for Signal to end its dependence on phone numbers for account registration.
Identity, Breach
Twilio breach compromises nearly 1.9K Signal users’ numbers
Share
An In-Depth Guide to Identity
Get essential knowledge and practical strategies to fortify your identity security.
Related Events
Related Terms
Attack VectorBasic AuthenticationBiometricsCertificate-Based AuthenticationChallenge-Handshake Authentication Protocol (CHAP)Digest AuthenticationDigital CertificateDiscretionary Access Control (DAC)Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds