After WhatsApp declared in January 2021 that it will share user data with Facebook, the signal, a well-known messaging service, had a meteoric rise in popularity in India. This update was ultimately reversed.
Around 1900 Signal users’ phone numbers were exposed in a data breach after Twilio, the company that provides Signal with phone number verification services, was the target of a phishing attack. It should be emphasized that Signal is a well-known messaging app whose use in India has increased dramatically after
WhatsApp declared in January 2021 that it will share user data with Facebook. Then, this update was removed.”Signal’s user base as a whole was only made up of 1,900 users; as a result, the majority were unaffected. According to a press statement from Signal, we are aggressively contacting these people and requesting that they re-register Signal on their devices.
However, the company assures its clients that “their message histories, contact lists, profile information, people they’d blocked, and other personal data remain private and protected and were not affected.”
What Exactly Took Place?
An attacker gained access to Twilio’s customer care console using phishing. This suggests that a customer service agent received a message from the attackers that contained a link that, when clicked, gave the attackers access to Twilio’s customer support system. They might have tried to register the phone numbers they had accessed on another device using the SMS verification code.
For 1,900 people, either their phone numbers that might have been connected to a Signal account were made public or the SMS verification code required to register with Signal was made public. According to Signal, Twilio has halted the attempt and the attacker no longer has access to this data.
The only way to retrieve your contact lists, profile details, blocked users, and other information is through your Signal PIN, which was not (and could not be) accessed as part of this incident. According to a blog post by Signal, if an attacker was successful in re-registering an account, they would be able to send and receive Signal communications from that phone number.
Are You Affected?
All 1,900 users of Signal who could be impacted are already getting alert SMS messages. After receiving notice from the company, users must re-register for Signal using their phone numbers as of August 16.
This is from Signal Messenger, which says the SMS message that Signal is sending to the impacted person. To assist you to protect your Signal account, we are getting in touch with you. Open Signal and re-register. You might have been impacted if you saw a banner when you launched Signal stating that your device is no longer registered.
Account owners for Signal should activate the registration lock. This includes adding an additional layer of authentication to the registration process by using your Signal PIN and an optional registration lock. Here’s how to approach it:
The Signal Settings Option (profile)
“Registration Lock” configuration
“Twilio is in touch with us, and we’re working actively to improve their security protocols with them and other service providers. Signal continued, “We advise users to turn on the registration lock on the user side.”