Security Experts:

Connect with us

Hi, what are you looking for?



Signal Discloses Impact From Twilio Hack

Secure communications services provider Signal on Monday disclosed impact from the recent Twilio hack, after threat actors attempted to re-register the phone numbers of some of its users to new devices.

Secure communications services provider Signal on Monday disclosed impact from the recent Twilio hack, after threat actors attempted to re-register the phone numbers of some of its users to new devices.

Earlier this month, enterprise software vendor Twilio announced that it fell victim to a cyberattack, after threat actors tricked one of its employees into revealing their login credentials.

Armed with the employee’s credentials, the threat actor accessed internal systems that contained customer data. Overall, the data of 125 customers was impacted in the incident, Twilio said on Wednesday.

“There is no evidence that customer passwords, authentication tokens, or API keys were accessed without authorization,” the company said.

The enterprise communication API powerhouse also said that it has improved the security of internal systems, and that the threat actors are relentless in their social engineering attempts.

Signal, which contracted Twilio for phone number verification services, is one of the customers impacted by the incident.

In an August 15 notice, the secure messaging company announced that, after gaining access to Twilio’s customer support console, the attackers attempted to re-register the phone numbers of certain Signal users to new devices, or accessed their Signal SMS verification code.

“During the window when an attacker had access to Twilio’s customer support systems it was possible for them to attempt to register the phone numbers they accessed to another device using the SMS verification code. The attacker no longer has this access, and the attack has been shut down by Twilio,” Signal announced.

The company also notes that the incident impacted roughly 1,900 of its users, and that the attackers did not have access to users’ contact list, message history, profile information, list of blocked numbers, or other personal information.

“Message history is stored only on your device and Signal does not keep a copy of it. Your contact lists, profile information, whom you’ve blocked, and more can only be recovered with your Signal PIN which was not (and could not be) accessed as part of this incident,” Signal notes.

The company also points out that the attackers were able to send and receive Signal messages on behalf of the impacted users after registering their accounts to new devices. Signal says that the attackers specifically searched for three numbers – out of the total 1,900 – and that they re-registered at least one.

Signal says it’s in the process of alerting potentially impacted users via SMS. For all 1,900 accounts, the company has unregistered all devices and is asking users to re-register them.

The secure communications firm is encouraging users to enable ‘registration lock’ on their accounts, a feature that adds an extra layer of protection to accounts, preventing this kind of telecom attacks.

Related: Twilio Hacked After Employees Tricked Into Giving Up Login Credentials

Related: Twitter Hack: 24 Hours From Phishing Employees to Hijacking Accounts

Related: FBI Received 1,600 SIM Swapping Complaints in 2021

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...