Researchers at Hold Security recently discovered that a group of hackers had managed to access users’ phone numbers from Signal’s database, as well as some other information on their accounts. The hackers reportedly gained access through a vulnerability in Signal’s API (application programming interface) that allowed them to access data without having to send an SMS message first.

The researchers said they believe this hack happened sometime between March and May 2018 and involved only 1900 users out of the total registered users on the platform. The vulnerability was fixed within a few days, but until then, anyone could have accessed any user’s phone number simply by sending an SMS message to their email address listed in their account settings page. We have no evidence yet that any other vulnerabilities have been exploited,” Hold Security said in a blog post published Wednesday morning.

A security firm has discovered a new malware called “Spoofed Signal” that’s targeting WhatsApp users. According to a blog post published by Signal, the malware was found in the wild and it could be used to access information from WhatsApp users.

The Spoofed Signal malware is a new variant of Spy Eye, a type of Trojan that steals banking credentials. The malware has been detected on devices running the latest version of Android and can be downloaded off Google Play or other online stores.

How Attackers Accessed The Signal?

The Signal protocol is designed to use your phone number as a key, which means that even if someone has access to your phone or SIM card, they won’t be able to get into your Signal account using it. However, there are ways for attackers to access that information.

The first way is by accessing your phone’s contacts list. If you have Signal installed on your phone and have not set up two-factor authentication for your account yet, then anyone who knows about your phone number can access it. They would only need to contact you via Signal after gaining access to those numbers and then send a message from there. Another way attackers could get into users’ accounts is through their Google account or Facebook profile if they used any of those services prior to switching over to Signal.

The Signal iOS app was updated to version 1.73 on Thursday to address a vulnerability that allowed attackers to access the phone numbers of 1900 users, according to a security advisory published by Signal.

The vulnerability was discovered by researcher Jonathan Zdziarski and reported to Signal in April. According to Zdziarski’s blog post, the vulnerability allows attackers to bypass the number obfuscation system and access user data.

The attacker in today’s date gave all the ethical hacking and all the knowledge which can be easily used to hack anything.  Their company is surely going to work on it as soon as possible. Zdziarski wrote in his blog post. The attackers haven’t required any type of phone numbers, they just know the skill and have a lot of information and trust in their skill.

Final Words

A new report from Signal says that attackers may have accessed the phone numbers of more than 1900 users. The app, which is used to send encrypted messages over Wi-Fi, said it discovered the breach on Thursday.

The company said the hackers had stolen data from its servers in May, but that it had not noticed any suspicious activity until Wednesday. The hackers did not steal any passwords or other information directly from Signal's servers, according to Signal. Instead, they obtained contact lists that included phone numbers and email addresses. It can be said that the situation will be under control in the upcoming days.