Approximately 1,900 users of the instant messaging application “Signal” were affected by a data breach publicly reported by the company on August 15 on its official Twitter account.
According to the publication, Twilio, an external company that provides Signal with SMS verification services, suffered a phishing attack, a deception orchestrated by cybercriminals with the aim of extracting information from users and companies. This is how the criminals would have accessed the information of users of the messaging application.
“Twilio has already been able to stop this attack. 1,900 users is a very small percentage of the total users of Signal, which means that the vast majority have not been affected,” the company reported.
Affected users have already been contacted
The information compromised in this cyberattack is not related to message histories, profile information, contacts, etc., according to Signal, which also stated that the consequence of this incident is the possibility of these people's telephone numbers being registered on other devices if they have not activated a registration lock.
In addition, users who were affected have been identified and are being contacted to ask them to activate the lock so that they are not further harmed. In the meantime, Twilio and Signal will be working on improvements to their security systems to prevent an attack like the one reported from being repeated.
To activate the registration lock, open the settings menu, select “Account” and enable the “Registration lock” option.
Main factors in phishing cases
To avoid becoming victims of phishing, like the attack that affected Twilio and Signal, users should be aware of the following factors that cybercriminals take advantage of to steal information using this method.
– Trending topics, gifts and promises of investment are a very common hook. Cybercriminals will send an email or message to potential victims, or even phone them (vishing), to gain their trust by using the name of a recognized and trustworthy entity.
Currently, many scammers use topics such as cryptocurrencies or NFTs as an excuse to carry out cyber scams, as ESET warns, or even to set up pyramid schemes.
– Get the user to hand over their passwords. Once the cybercriminals have gained the attention and trust of the potential victim, they will ask for their access codes. Sometimes these are requested directly, but in other cases they use slightly more elaborate ruses that involve forms to receive supposed benefits. If victims share their information, they risk losing access to their social media profiles or even money from their bank accounts.
In other cases, the user is sent a link to a fake page that pretends to be the genuine site of a bank, company or social network, and is asked to enter their username and password there to update information or finish a supposed process to get the promised benefit. That way the criminal gets this data.