Elain Brown Tech 08.16.2022 01:Aug AM EDT

Twilio Data Breach: Phone Number of 1,900 Signal Users Have Been Exposed

The Twilio data breach incident reveals more users are affected.

Signal was made aware of the recent data breach that occurred at Twilio, the company that provides the phone number verification services used by Signal. Signal then later disclosed that 1,900 users had been compromised by the hack.

On August 4, Twilio revealed that their system was attacked by a malicious actor. Last week, the company revealed that they are still in the process of investigating the Twilio hack that happened and stated that they have detected 125 customers to be affected.

However, fast forward to now, their service provider, Signal, has released a blog post confirming that the total number of users who have been affected is 1,900.

Twilio Data Breach

Twilio notified Signal about the recent hacking they had suffered, which prompted Signal to launch an investigation into the cyberattack to gather more information.

According to BleepingComputer, they can assure all of their users that their contact lists, message history, profile information, names of whom they blocked, and other personal information were not breached during the Twilio hack.

They were not affected and remained private and secure. The malicious actor might have attempted to re-register 1,900 users' phone numbers to different devices or discovered that their numbers were registered to Signal.

This problem was then addressed by Twilio, and they have since stopped this exploit from happening. Signal further disclosed that the attacker specifically searched for three phone numbers out of the 1,900 total numbers, and one of those three customers has reported that their account was re-registered.

This information was obtained via a complaint that they got from one of those users. Since 1,900 people constitute a relatively small fraction of Signal's entire user base, this indicates that the vast majority of users were not impacted.

The company claims that as of August 15, they have begun to alert subscribers and are forcing them to re-register with Signal using their phone number. This should be finished by the time August 16 rolls around, if all goes according to plan.

Twilio Hack Recommendations

Due to the Twilio data breach, Signal is notifying these 1,900 users directly and prompting them to re-register Signal on their devices.

Signal stated that if users receive an SMS message with a link that directs them to the support article published by the company, they should follow the steps provided:

Users just need to open Signal on their devices. If the app shows a prompt that tells its users to register their Signal account, users can fill in the prompt to log in.

The company strongly suggests that users enable registration lock in the app's settings in order to provide the highest level of protection for the user's account. Since the function was developed to safeguard users against dangers such as the recent Twilio data breach.

It is strongly recommended that users turn on the registration lock feature for their Signal accounts. The registration procedure includes an additional degree of verification if the user chooses to utilize an optional registration lock in conjunction with their Signal PIN.

To do so, users can go to their profile in Signal and click Settings, then Account, then select the Registration Lock option.