TeleMessage Hack Exposes US Government Data

TeleMessage Hack Exposes US Government Data

A recent security breach has compromised TeleMessage, a platform providing modified versions of encrypted messaging apps like Signal, Telegram, and WhatsApp. This hack exposed archived messages and other sensitive data belonging to U.S. government officials and companies using the service, as reported by 404 Media (404 Media report).

TeleMessage gained attention last week following reports of its use by former U.S. National Security Adviser Mike Waltz (previous report). The Israel-based company, owned by Smarsh, offers clients a way to archive messages, including voice notes, from encrypted apps.

Hack Exposes Sensitive Data

While messages from cabinet members and Waltz were reportedly not compromised, the breach exposed a range of sensitive information. This includes message content, contact details of government officials, and TeleMessage backend login credentials. Data related to U.S. Customs and Border Protection, Coinbase, and financial institutions like Scotiabank were also extracted.

The hack reveals a critical vulnerability: archived chat logs are not end-to-end encrypted between the modified Signal app offered by TeleMessage and its storage location.

Smarsh, Signal, U.S. Customs and Border Protection, Coinbase, and Scotiabank have not yet commented on the incident.