For the second time in just over two months, hackers are trying to infiltrate Signal accounts – this time by posing as the free messaging app’s support team in an attempt to gain access to private messages, photos, and files.
“It’s not clear how effective the hacking campaign has been,” reports TechCrunch, an online industry news site.
The latest scam begins with a seemingly legitimate message from Signal, which has an estimated 70 million to 100 million active users.
“Action required: Data Recovery Needed,” reads the text. “Your Signal account (messages and media) is at risk of permanent loss due to a sync issue.”
The ersatz support staff then urges the recipient to immediately follow step-by-step instructions to access and share their 64-character recovery key, the only means of deciphering a Signal account’s encrypted data backed up on the cloud. All messages and calls on the app are encrypted by default and can only be read or heard by the sender and receiver – not even Signal can decode the conversations.
“This is a phishing attempt,” warned an X post by Josh Rogin, the lead global security analyst for WP Intelligence, a premium offshoot of The Washington Post that covers heavily regulated industries like AI, tech, and energy. “If you get this message on Signal, do not follow the instructions. Many anti-[Chinese Communist Party] activists have also received this phishing attempt. Beware and be aware.”
Signal said it is taking action to thwart the hackers. “We’re working on mitigations here, and monitoring,” said Meredith Whittaker, president of the independent not-for-profit organisation established in 2018. In lieu of carrying ads or selling user data, Signal relies solely on grants and donations to develop and operate the app.
The support-team scam is the second high-profile hack attack aimed at Signal this year. In March, the Federal Bureau of Investigation and US Cybersecurity and Infrastructure Security Agency (CISA) reported that Signal and WhatsApp were targeted by “cyber actors associated with the Russian Intelligence Services.”
“The threat actors specifically target Signal accounts,” the FBI said, noting that thousands of accounts had been compromised.
In a security update posted earlier this month on Bluesky, Signal reported it had responded to the Russian hack by introducing “additional confirmations and educational messaging in the app to help people better detect fraudulent profiles, especially message requests from scammers posing as Signal. More changes are on the way.”
A subsequent post reminded users to “stay vigilant” against phishing expeditions and account takeover attempts. “Remember that no one from Signal Support will ever send you a message request or ask for your registration verification code or Signal PIN,” the company said.
Hackers targeting past message histories can only download and decrypt a Signal account’s cloud archive if the owner provides them with the crucial recovery key, the equivalent of handing over your ATM card and PIN.
“The real target is often the user, not the encryption,” said Cody Barrow, a former senior defence intelligence official at the National Security Agency and the Pentagon. “Once an attacker gains access to a messaging account or a linked device, they can monitor conversations, map networks of contacts, and collect intelligence over time.”
A successful hack of the popular app could have dire consequences, especially for prominent users whose stock in trade is confidential information.
“Signal isn’t the biggest encrypted messaging app out there,” Forbes noted, “but it remains one of the most important. This is evidenced by its use within US law enforcement and government, as well as political activists and journalists the world over, courtesy of the end-to-end encryption it provides.”
Unauthorised use of Signal by government officials made headlines late last year when a Pentagon Inspector General report revealed that Defense Secretary Pete Hegseth used his personal phone and Signal in March 2025 to share classified information about imminent military strikes in Yemen, including the exact timing of the aircraft launches.
His disclosure of sensitive intel on an app that isn’t part of the Pentagon’s secure communications network came to light because journalist Jeffrey Goldberg of The Atlantic was inadvertently included in a group chat with top Trump administration officials. Hegseth also reportedly detailed the pending military action in a separate Signal chat with his wife, brother, and 11 other people. – Inc/TNS
