End-to-end encrypted messaging app Signal says attackers accessed the phone numbers and SMS verification codes for almost 2,000 users as part of the breach at communications giant Twilio last week.

Twilio, which provides phone number verification services to Signal, said on August 8 that malicious actors accessed the data of 125 customers after successfully phishing multiple employees. Twilio did not say who the customers were, but they are likely to include large organizations after Signal on Monday confirmed that it was one of those victims.

  • PorkrollPosadist [he/him, they/them]
    ·
    2 years ago

    I don’t think Signal ever aims for anonymity, but yes, it’s trash.

    It's not so much Signal's advertising as much as how I see people use it in practice. Most people who aren't nerds just think in terms of privacy. "Oh I heard that app has good privacy!" But anonymity and encryption are two completely different things. If you're some dork fed who finally ended up reading Howard Zinn and decide you need to send a couple secret documents to a journo over Signal, they are going to get you unless you managed to sign up with a fake identity and not fuck it up in any single way.

    Any system which attempts to combine these things in an auto-updating mobile app is more risky than it’s really worth. [...]

    This is a very good point.