Attack victim signal, 1,900 users may have been affected
Signal is the second victim of the massive phishing attack recently launched on Twilio. Data stolen by this Signal partner impacted nearly 2,000 secure messaging users.
Twilio is a company unknown to the general public, yet it is an essential link for Signal: it is in fact the company that provides a telephone number verification service when you sign up for instant messaging. Unfortunately, a phishing attack a few days ago allowed hackers to obtain the credentials.
A proxy attack
In detail, the highly sophisticated attack hit Twilio employees, who were invited by the company’s (fake) IT department to log back into their account following a fraudulent link. Using these identifiers, the hackers were able to attack Signal users.
The courier communicated this publicly. First by warning 1,900 users: a hacker could try to re-register the number on another device or find that the number has been registered on Signal. Other data (message history, contact lists, profile information, blocked contacts and other personal data) were not affected as they are stored on the device and not on the Signal servers.
The message states that the hacker explicitly tried to get hold of three numbers, one of which was re-registered by the hacker so that the hacker could receive and send messages from the victim’s account. Directly affected users must re-register in Signal if prompted by the app, then enable the Record Lock feature in Settings (something all users should do to be on the safe side). This option is specially designed for such threats.
Bitdefender Plus Antivirus