The attack on Twilio earlier this month may have compromised the phone numbers of approximately 1,900 Signal messenger users, according to the popular encrypted messaging service.
During the cyberattack that targeted Twilio, perpetrators allegedly attempted to re-register Signal users’ phone numbers to other devices. However, the company is confident that the incident didn’t affect personal data.
“For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal,” reads the company’s security advisory. “All users can rest assured that their message history, contact lists, profile information, whom they'd blocked, and other personal data remain private and secure and were not affected.”
Furthermore, the attack didn’t compromise the Signal PIN, which is used in non-phone-number-based operations such as recovering profiles, settings, contacts and block lists. The PIN also acts as an optional registration lock that prevents others from fraudulently registering your number.
The company is taking steps to protect affected users by unregistering Signal on all devices currently using the compromised accounts and notifying customers directly via SMS. Signal prompts users to re-register the service with their phone number if asked to do so and enable registration lock, an additional security measure against fraudulent registration attempts.
Accounts that use this security feature require a PIN to re-register the phone number with Signal. Users can toggle Registration Lock by following these steps:
⋮
Settings > Account
Registration Lock
switch onTurn On
button to confirm your actionNote that forgetting your PIN could lock you out of your account for up to seven days, and Signal can’t reset it for you. However, the service has a built-in reminder that asks you periodically to confirm your PIN, to help you memorize it.
Specialized software such as Bitdefender Digital Identity Protection can help keep your identity safe against the influx of data breaches with features like:
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024