SignalMar 9

We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.

To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts.

Show threadDekOfTheYautjaMar 9
@signalapp You know how you could solve that? Stop taking users' phone numbers, and especially stop using it for verification. EZPZ.
Show threadTodd Knarr
@DekOfTheYautja @signalapp I fear even that won't help, just force phishing attacks to use other channels. We need to convince users to "Trust nothing.". Frankly the odds of being struck by a meteorite are better.
Mar 9 at 7:19pmWeb