What happened with Signal data?
A popular application Signal, which claimed to be the most secure and encrypted messenger, faced an unpleasant case of a cyberattack on Monday, 15.
The Signal app uses the service Twilio — a platform for registration verification codes. The thing is that Twilio had a data breach that happened on August 4th. This event affected the Signal users.
The messenger’s representatives posted an explanation where they described the incident. Long story short, the attackers could re-registered 1900 accounts to other devices, meaning people might have lost their data forever.
Yet, everything seems to be OK:
But is it really a “FIN”? People in the comments are calling Signal representatives out, suggesting ideas that can help to avoid such incidents:
Apparently, Signal developers planned to implement such a feature, but haven’t done it yet. The result is all over the news articles.
The conclusion
No matter how Meta, Signal, or any other software/service vendor claim how secure their products are, they are still vulnerable because of their publicity. You do not know who manages the servers for these apps, or how reliable third-party services they use.
Some users, perhaps, will continue denying the obvious facts by preferring simplicity over real privacy.
But the reality is if you can’t control how the data transfer from one device to another you can’t be sure it won’t end up in a hacker’s hands.
How to message privately without phone binding?
There are some alternative apps that do not require phone registration. For example, MyChat. MyChat is available for Android and IOS devices where you can send messages, make voice and video calls, send files, bulk messages, create hidden chat rooms, and a lot more.
All data is processed by MyChat Server which is easy to manage even for a non-administrator.