TeleMessage Hack Exposes Sensitive US Government Data
TeleMessage, a service providing modified versions of encrypted messaging apps like Signal, Telegram, and WhatsApp for government and corporate clients, has suffered a security breach. The hack exposed archived messages and other sensitive data related to US government officials and companies using the platform, as reported by 404 Media. The report details how a hacker exploited a vulnerability to extract the information.
TeleMessage, owned by Smarsh, allows clients to archive messages, including voice notes, from encrypted apps. The service gained attention last week after reports revealed former U.S. national security adviser Mike Waltz was using TeleMessage's modified version of Signal. This revelation raised concerns about the security of such modified apps.
Exposed Data Includes Messages and Login Credentials
While messages from cabinet members and Waltz were reportedly not compromised, the hacked data included the content of other messages, contact information of government officials, and TeleMessage back-end login credentials. The breach also impacted data belonging to U.S. Customs and Border Protection, cryptocurrency exchange Coinbase, and financial institutions like Scotiabank.
The hack highlights a critical security flaw: the archived chat logs are not end-to-end encrypted between the modified Signal app offered by TeleMessage and the storage location. This lack of end-to-end encryption leaves the data vulnerable to exploitation.
Smarsh, Signal, U.S. Customs and Border Protection, Coinbase, and Scotiabank have not yet responded to requests for comment.
