Twilio provides phone number verification services to Signal. Earlier in August, the company said that unknown hackers gained access to 125 customers’ data after several employees successfully phished.

what is known

It is currently unknown which customers outside of Signal are affected and how many are at risk of breaches. They were probably large establishments receiving the same service.

The signal messenger himself explained unknown persons gained access to phone numbers and SMS verification codes of nearly two thousand users. The company will inform each of them about the situation.

The attacker may try to re-register the number on another device or find out that the number is registered in Signal. Among the 1,900 numbers, the attacker clearly called three numbers, and we received a message from one of these three users that his account was re-registered,
– says the company statement.

IT did not allow attacker to access message historyFor contact lists and profile information that Signal does not store or is protected by a user’s security PIN.

The developers explained that if the hacker manages to re-register the number on another device, it has the ability to send and receive Signal messages from that phone number. So, for those affected, the company will unregister Signal on all devices and require users to re-register an account using their phone number.