Signal warns users after sophisticated phishing attacks compromise German officials

Signal has officially responded to recent hacking events in Germany, and they claim they were never “hacked.” There are no problems with Signal’s infrastructure or encryption standards, and the attackers only got in because of a phishing scam. Some posts claim that at least 300 accounts were compromised, including high-profile ones like the President of the Bundestag.

Posing as Signal Support, they’ve used clever social engineering tricks to make people hand their credentials over. This allowed the perpetrators to take over some Signal accounts in Germany, belonging to high-profile officials.

A post went viral on X, showing the exact phishing messages that the German officials received. To be fair, Signal did offer a warning that said “Check carefully” in German, detecting that it may be a fake name. It’s unclear why the officials decided to ignore this warning. There are vague claims of “Russian Intelligence” targeting Germany, but this is just speculation at the moment.

A phishing scam basically involves attackers impersonating an official source and tricking a person into sharing private credentials. To combat attacks such as this, Signal has announced that they’ll introduce some changes to its platform in the coming weeks.

They didn’t exactly explain what changes they’re making, but for now, they’ve advised users to “Stay vigilant” and enable Registration Lock from Signal Settings for an added layer of security.

The post goes on to explain the exact way everything went down. The attackers harvested credentials through spoofed support messages, then swiftly swapped the associated phone numbers to de-register the original owners. In a final layer of deception, victims were told the service interruptions were “expected behavior,” allowing hackers to maintain control while posing as the account owners.

When the victims logged back into their accounts, they weren’t aware that the hackers had already taken control of the main account. They would use this to pose as owners of the account and target contact lists.

User reactions were mostly mixed because it’s not Signal’s fault. Some people blamed the victims, but it’s not that simple. While they should’ve stayed more vigilant, Signal shouldn’t have allowed profile display names such as “Signal Support” in the first place. Others called it “kindergarten-level hacking” because it was an obvious scam.

Others claim this issue has been going on for months, and Signal hasn’t acted on it fast enough. Some argue that it’s an intentional architecture choice, and that Signal is at fault for allowing such recovery methods in the first place. A lot of people feel that there are better account protection methods than what Signal offers at the moment.

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.