Categories
Ace Breaking News

BREAKING CYBER-ATTACK: Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack Report

This is our daily post that is shared across Twitter & Telegram and published first on here with Kindness & Love XX on peace-truth.com/

#AceNewsRoom With ‘Kindness & Wisdom’ Aug.16, 2022 @acebreakingnews

Ace News Room Cutting Floor 16/08/2022

Follow Our Breaking & Daily News Here As It Happens:

#AceBreakingNews – Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users.

Signal Messenger Account

“For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal,” the company said. “All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected.”

Signal, which uses Twilio to send SMS verification codes to users registering with the app, said it’s in the process of alerting the affected users directly and prompting them to re-register the service on their devices.

The development comes less than a week after Twilio revealed that data associated with about 125 customer accounts were accessed by malicious actors through a phishing attack that duped the company’s employees into handing over their credentials. The breach occurred on August 4.

In the case of Signal, the unknown threat actor is said to have abused the access to explicitly search for three phone numbers, followed by re-registering an account with the messaging platform using one of those numbers, thereby enabling the party to send and receive messages from that phone number.

As part of the advisory, the company has also urged users to enable registration lock, an added security measure that requires the Signal PIN in order to register a phone number with the service.

Web infrastructure provider Cloudflare, which was also unsuccessfully targeted by the sophisticated phishing scam, said the use of physical security keys issued to every employee helped it impede the attack.

Phishing and other types of social engineering rely on the human factor to be the weakest link in a breach. But the latest incident also serves to highlight that third-party vendors pose as much a risk to companies.

The development further underscores the dangers of relying on phone numbers as unique identifiers, what with the technology susceptible to SIM swapping that allows bad actors to carry out account takeover attacks and illicit money transactions.

#AceNewsDesk report ………..Published: Aug.16: 2022:

Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links, and can also be found here on Telegram: https://t.me/acenewsdaily and all wordpress and live posts and links here: https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com

By ace101

Ace Worldwide News Group working with Kindness & Wisdom in perfect harmony to provide help and guidance through news & views and the truth to people in need Amen