Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Signal Discloses Impact From Twilio Hack

Secure communications services provider Signal on Monday disclosed impact from the recent Twilio hack, after threat actors attempted to re-register the phone numbers of some of its users to new devices.

Secure communications services provider Signal on Monday disclosed impact from the recent Twilio hack, after threat actors attempted to re-register the phone numbers of some of its users to new devices.

Earlier this month, enterprise software vendor Twilio announced that it fell victim to a cyberattack, after threat actors tricked one of its employees into revealing their login credentials.

Armed with the employee’s credentials, the threat actor accessed internal systems that contained customer data. Overall, the data of 125 customers was impacted in the incident, Twilio said on Wednesday.

“There is no evidence that customer passwords, authentication tokens, or API keys were accessed without authorization,” the company said.

The enterprise communication API powerhouse also said that it has improved the security of internal systems, and that the threat actors are relentless in their social engineering attempts.

Signal, which contracted Twilio for phone number verification services, is one of the customers impacted by the incident.

In an August 15 notice, the secure messaging company announced that, after gaining access to Twilio’s customer support console, the attackers attempted to re-register the phone numbers of certain Signal users to new devices, or accessed their Signal SMS verification code.

“During the window when an attacker had access to Twilio’s customer support systems it was possible for them to attempt to register the phone numbers they accessed to another device using the SMS verification code. The attacker no longer has this access, and the attack has been shut down by Twilio,” Signal announced.

The company also notes that the incident impacted roughly 1,900 of its users, and that the attackers did not have access to users’ contact list, message history, profile information, list of blocked numbers, or other personal information.

“Message history is stored only on your device and Signal does not keep a copy of it. Your contact lists, profile information, whom you’ve blocked, and more can only be recovered with your Signal PIN which was not (and could not be) accessed as part of this incident,” Signal notes.

The company also points out that the attackers were able to send and receive Signal messages on behalf of the impacted users after registering their accounts to new devices. Signal says that the attackers specifically searched for three numbers – out of the total 1,900 – and that they re-registered at least one.

Signal says it’s in the process of alerting potentially impacted users via SMS. For all 1,900 accounts, the company has unregistered all devices and is asking users to re-register them.

The secure communications firm is encouraging users to enable ‘registration lock’ on their accounts, a feature that adds an extra layer of protection to accounts, preventing this kind of telecom attacks.

Related: Twilio Hacked After Employees Tricked Into Giving Up Login Credentials

Related: Twitter Hack: 24 Hours From Phishing Employees to Hijacking Accounts

Related: FBI Received 1,600 SIM Swapping Complaints in 2021

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.