The management of the Signal app announced a disclosure this week regarding Twilio being hacked. Around 1900 vulnerable users became victims of the hack.
How can hacking on Twilio affect Signal apps? Investigate an investigation because Signal uses Twilio to send SMS verification when registering a new user.
The development comes less than a week after Twilio revealed that data associated with about 125 customer accounts were accessed by malicious actors through a phishing attack that duped the company's employees into handling over their credentials. The breach occurred on August 4.
In the case of Signal, the unknown threat actor is said to have abused the access to explicitly search for three phone numbers, followed by re-registering an account with the messaging platform using one of those numbers, thereby enabling the party to send and receive messages from that phone number.
As part of the advisory, the company has also urged users to enable registration lock, an added security measure that requires the Signal PIN in order to register a phone number with the service.