The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

If you are a Signal messenger user: there has been a breach, so please enable “Registration Lock” in the mobile app to protect your account

Posted by jpluimers on 2022/08/29

For Signal messenger users: please visit [Wayback/Archive] Signal PIN: manage Registration Lock – Signal Support, then enable Registration Lock on your mobile phone.

The breach: [Wayback/Archive] Twilio attacker ‘explicitly’ looked for 3 Signal numbers • The Register

However, Signal – considered one of the better secured of all the encrypted messaging apps – claims the attacker would not have been able to access the message history, contact lists, profile information, or other personal data associated with these user accounts. The non-profit organization said in a security note on its site that it has identified and is notifying the 1,900 users directly, and prompting them to re-register Signal on their devices.

The underlying Twilio breach: [Wayback/Archive] Twilio Incident Report: Employee and Customer Account Compromise – August 4, 2022

The Signal announcement: [Wayback/Archive] Twilio Incident: What Signal Users Need to Know – Signal Support

To best protect your account, we strongly recommend that you enable registration lock in the app’s Settings. We created this feature to protect users against threats like the Twilio attack.

The Twitter thread is saved at [Wayback/Archive] Thread by @signalapp on Thread Reader App; highlights:

Via:

  1. [Wayback/Archive] John Scott-Railton on Twitter: “PSA: Do you use Signal? Turn on registration lock today. Here’s why… 1/”
  2. [Wayback/Archive] John Scott-Railton on Twitter: “2/ @twilio handles SMS registrations for @signalapp. They got targeted w/a phishing attack. Attackers then used their access against some @signalapp users. …& a bunch of other Twilio customers (editorial: yikes, more disclosures likely inbound).”

–jeroen
