Mastodawn

We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.

To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts.

Show thread

DekOfTheYautja Mar 9

@signalapp You know how you could solve that? Stop taking users' phone numbers, and especially stop using it for verification. EZPZ.

Show thread

Kevin Karhan

@DekOfTheYautja PRECISELY THAT!

Everyone with two braincells should come to the conclusion that @signalapp / #Signal is.just a successor project to #MINERVA / #Rubikon (aka. #CryptoAG) and #OperationIronside / #OperationTrøjanShield.
- Because otherwise they would've been already shutdown like #EncroChat and not "let run" like #ANØM…

Kevin Karhan :verified: (@[email protected])

@[email protected] @[email protected] yes, it it #Signal's [sole fault!](https://infosec.space/@kkarhan/116200603563502633) - Because this attack vector *doesn't exist* in [any halfway decent messenger App / system!](https://infosec.space/@kkarhan/116200603563502633)

Infosec.Space