时间:2025-04-03 16:36:47 来源:网络整理编辑:綜合
On Monday, Signal, often viewed as the most secure messaging app, shared that a security breach of i
On Monday,Signal, often viewed as the most secure messaging app, shared that a security breach of its phone number verification service provider affected 1,900 of its users. Due to the breach, these users' phone numbers were exposed.
Tweet may have been deleted
According to Signal's post detailing the situation, the provider, Twilio, was targeted in a phishing attack. In Twilio's own postexplaining the situation, the company says it was a "sophisticated social engineering attack designed to steal employee credentials." The attack was successful in obtaining credentials from some of Twilio's employees. Twilio says that around 125 of its customers had data compromised during the attack. One of these affected customers is Signal.
On the bright side, Signal's reputation as the most secure messaging app is intact thanks to its service being 100 percent end-to-end encrypted. Without access to a Signal user's physical device, a bad actor could not access that user's messaging history. So, any sensitive information that was shared within messages on Signal have not been compromised. Profile data, contact list, and other data also was not compromised, again, thanks to Signal's design.
However, Signal warns that there were issues that arose for the users affected by the breach:
"For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio."
SEE ALSO:Apple delayed Telegram's iOS app update due to unauthorized use of its emojiAccording to Signal, one of those 1,900 users reported that their account was re-registered on another device without their authorization. Also, as Signal notes, most of its users were not affected at all by the security breach.
That there's been fairly little fallout from this security breach is a testament to Signal's security. But the breach is also a reminder of Signal's one glaring flaw: the requirement that a user registers their phone number to use the messaging service. Signal has previously hinted that it will soon allow people to use usernames instead of their phone number, but there is currently no scheduled roll out for that feature.
TopicsCybersecurity
Make money or go to Stanford? Katie Ledecky is left with an unfair choice.2025-04-03 16:34
Patrick Stewart trolling Thomas Middleditch is the best thing on Instagram right now2025-04-03 16:24
YouTube speeds up live streaming for creators with 'ultra2025-04-03 15:36
Guy crying during an interview for his dream job teaches us a very important lesson2025-04-03 15:33
Xiaomi accused of copying again, this time by Jawbone2025-04-03 14:44
Patrick Stewart trolling Thomas Middleditch is the best thing on Instagram right now2025-04-03 14:44
$797 million in 3 months: Blockchain’s newest industry is going crazy2025-04-03 14:38
This dating app has figured out that where you went to school really does matter2025-04-03 14:30
Snapchat is about to explode in popularity, report says2025-04-03 14:25
Lenovo settles with the FTC over Superfish adware charges2025-04-03 14:21
Samsung Galaxy Note7 teardown reveals the magic behind the phone's iris scanner2025-04-03 16:35
Everything you need to know about using Instagram's archive feature2025-04-03 15:52
This might be the worst UPS package placement ever2025-04-03 15:49
Guy crying during an interview for his dream job teaches us a very important lesson2025-04-03 15:45
You will love/hate Cards Against Humanity's new fortune cookies2025-04-03 15:10
These stock photos put rescue animals center frame2025-04-03 14:36
$797 million in 3 months: Blockchain’s newest industry is going crazy2025-04-03 14:35
'French Banksy' portrait on the U.S.2025-04-03 14:24
17 questions you can answer if you're a good communicator2025-04-03 14:11
Fitbit partnership brings diabetes monitoring to the Ionic smartwatch2025-04-03 14:11