A phishing assault on Twilio Inc., the messaging platform Signal’s provider of SMS verification services, earlier this month may have revealed the phone numbers of 1,900 users, according to the company. Twilio is renowned for its end-to-end encryption policy.
“Attackers may have accessed phone numbers and SMS registration codes for 1,900 Signal users via Twilio,” the company said on Twitter.
The messaging history, profile details, contact lists, and other data, according to Signal, were not and could not be accessed.
“The information attackers obtained could enable them to attempt to register a Signal user’s phone number on a new device if that user had not enabled registration lock,” the company claimed in a series of tweets on Monday.