A hacker infiltrated TeleMessage, an Israeli company providing modified versions of messaging apps like Signal and WhatsApp. The breach exposed direct messages and group chats sent through these modified apps, including sensitive discussions involving U.S. officials. Although top U.S. officials were using the app, no cabinet-level messages were compromised; data from other entities, however, was leaked. Notably, information from Customs and Border Protection (CBP), Coinbase, and various financial institutions was stolen.
The hacker gained unauthorized access to TeleMessage’s servers, compromising customer data, including names, phone numbers, and email addresses of CBP officials. Screenshots of the stolen data showed details such as the number of affected CBP personnel and former Coinbase employees. The threat actor required only 20 minutes to exploit the system, raising concerns about the security of sensitive government data.
The breach revealed weaknesses in TeleMessage’s modified app, which did not offer end-to-end encryption between the apps and the archive.
The stolen data included political and crypto-related conversations, such as chats involving U.S. Senate bills and Galaxy Digital. Additionally, the hacker accessed debug data from TeleMessage’s Signal clone, exposing fragments of live, unencrypted messages. The compromised server was hosted on Amazon’s AWS cloud infrastructure, further complicating the situation. The exposure underscores the risks of using modified versions of popular apps for government and sensitive business operations.
While TeleMessage’s breach did not affect all data, the compromised server’s ease of access and the lack of encryption raised alarm about national security. The breach comes after revelations that top U.S. officials, including National Security Advisor Mike Waltz, used TeleMessage’s modified Signal app during sensitive discussions. This incident highlights the ongoing threat posed by insufficiently secured communication tools used by government and financial institutions.