Hacked Twilio exposed phone numbers of 1,900 users

Phone numbers of nearly 1,900 Signal users were exposed in the data breach Twilio cloud communications giant suffered at the beginning of the month.

Twilio provides phone number verification services for Signal and last week disclosed that an attacker hacked its network on Aug 4.

The communications firm confirmed that data belonging to 125 of its customers was exposed after the hackers gained access to Twilio employee accounts by sending them text messages with malicious links.

Signal today published an advisory for its users informing them how the cyberattack on Twilio impacted them:

All users can rest assured that their message history, contact lists, profile information, whom they'd blocked, and other personal data remain private and secure and were not affected.

But, unfortunately, however, for about 1,900 Signal users their phone numbers were potentially exposed to the Twilio attacker, who could have attempted to register them to another device.

The encrypted instant messaging service says that from the 1,900 phone numbers, the attacker “explicitly searched” for three of them. One of these users reported that their account was re-registered.

In the same time, Signal reassures users that the message history remained safe at all times because it is available only on the device with no copy on the service’s servers.

The other day, anonymous poop gifting site ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached after a "customer" spotted a vulnerability.