Recently @twilio, which provides SMS verification services for Signal, suffered a phishing attack. Via Twilio, attackers may have accessed phone numbers & SMS registration codes for 1,900 Signal users. 1/
Message history, profile info, contact lists, & other data were NOT & could not be accessed. The information attackers accessed could allow them to attempt to register a Signal user’s phone number on a new device if that user had not enabled registration lock. 2/
We have identified and are contacting the 1,900 potentially affected users. We are prompting them to re-register their Signal numbers and encouraging them to enable registration lock. We are also working with Twilio to ensure they upgrade their security practices. 3/
We have published more information here: signal.org/smshelp 4/
Signal's commitment to your privacy –to building a product that protects your information from third parties including Signal–is what ensured that message history, profile info, contact lists, and other data were not vulnerable in this incident. FIN
Our registration lock function protects against these kinds of attacks.
Enable registration lock by going into your Settings >> Account >> Registration Lock.
support.signal.org/hc/en-us/artic…
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.