Encrypted messaging service Signal has revealed that the personal data of its users may have been compromised after its verification services provider, Twilio Inc fell victim to a phishing attack. In a blogpost yesterday, Signal said that the phone number of 1900 users could have been revealed by the incident.
Signal further elaborated that the breach also could have allowed the attacker access to SMS verification code used to register with Signal. However, message history, profile information and contact lists were not revealed.
The messaging service further asserted that the attacker could attempt to re-register the leaked numbers to another device or learned whether the numbers are registered on the Signal app. Twilio Inc has been working with Signal to help investigation on the phishing attack after disclosing of the incident earlier this month.
Signal has also since notified the 1900 users affected directly of the incident. Moreover, the company requests users to open the app on their phones and register their account again if the app prompts them to do so.
Signal also said that the best way to protect your account is to enable registration lock on the app’s Settings. In fact, the security feature was made to protect users against threats like the Twilio attack.
So, what do you guys think of the whole incident? Share your thoughts with us in the comments below and stay tuned to TechNave for more trending tech news.