Tag: numbers
Should I buy lithium stocks as EV numbers are set to soar?
This Fool explores whether adding lithium stocks to his holdings could be a shrewd move as demand for lithium is soaring.
The post Should I buy lithium stocks as EV numbers are set to soar? appeared first on The Motley Fool UK.
Signal users’ phone numbers exposed in major Twilio hack
On Monday, Signal, often viewed as the most secure messaging app, shared that a security breach of its phone number verification service provider affected 1,900 of its users. Due to the breach, these users’ phone numbers were exposed.
According to Signal’s post detailing the situation, the provider, Twilio, was targeted in a phishing attack. In Twilio’s own post explaining the situation, the company says it was a “sophisticated social engineering attack designed to steal employee credentials.” The attack was successful in obtaining credentials from some of Twilio’s employees. Twilio says that around 125 of its customers had data compromised during the attack. One of these affected customers is Signal.
On the bright side, Signal’s reputation as the most secure messaging app is intact thanks to its service being 100 percent end-to-end encrypted. Without access to a Signal user’s physical device, a bad actor could not access that user’s messaging history. So, any sensitive information that was shared within messages on Signal have not been compromised. Profile data, contact list, and other data also was not compromised, again, thanks to Signal’s design.
However, Signal warns that there were issues that arose for the users affected by the breach:
“For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio.”
According to Signal, one of those 1,900 users reported that their account was re-registered on another device without their authorization. Also, as Signal notes, most of its users were not affected at all by the security breach.
That there’s been fairly little fallout from this security breach is a testament to Signal’s security. But the breach is also a reminder of Signal’s one glaring flaw: the requirement that a user registers their phone number to use the messaging service. Signal has previously hinted that it will soon allow people to use usernames instead of their phone number, but there is currently no scheduled roll out for that feature.
Signal says third-party data breach exposed 1,900 phone numbers
Signal’s reputation for secure messaging doesn’t make it completely invulnerable to hacking incidents. The company has confirmed that a data breach at verification partner Twillio exposed the phone numbers and SMS codes of roughly 1,900 users. As TechCrunchobserved, the intruder could have either used the information to either identify Signal users or re-register their numbers to other devices.
The data has already been misused. The culprit searched for three phone numbers, and re-registered the account of one user. Signal doesn’t store chat histories or contacts online, so the breach shouldn’t have revealed other sensitive details.
Signal is taking steps to limit the damage. It will unregister the app on all devices linked to affected accounts, forcing users to re-register. The team also recommended enabling a registration lock that bars anyone from re-registering on other devices without providing a PIN code.
Twilio revealed the breach on August 8th. The currently unidentified perpetrators used phishing scams to obtain login details and access the accounts of 125 customers. Although it’s not clear which other customers were affected, Twilio typically serves large companies and organizations.
The attack increases pressure on Signal to join other encrypted messaging providers in moving away from phone numbers, which can be vulnerable to SIM swaps and other digit-based schemes. This is also a reminder that systems are only as secure as their technology partners — a slip at a third-party is sometimes as dangerous as a direct assault.