A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, 404 Media reported.
TeleMessage came into the spotlight last week after it was reported that former U.S. National Security Adviser Mike Waltz was using TeleMessage’s modified version of Signal. Israel-based TeleMessage, owned by Smarsh, offers its clients a way to archive messages, including voice notes, from encrypted apps.
The messages of cabinet members and Waltz were not compromised, 404 Media said, but the hacked data contained contents of messages; contact information of government officials; backend login credentials for TeleMessage, and more. Data pertaining to the U.S. Customs and Border Protection, crypto exchange Coinbase, and financial service providers like Scotiabank were extracted by the hacker, the report said.
The hack revealed that the archived chat logs are not end-to-end encrypted between the modded version of Signal that TeleMessage offers and the ultimate location where it stores the messages, 404 Media reported.
Smarsh, Signal, U.S. Customs and Border Protection, Coinbase, and Scotiabank did not immediately return requests for comment.
