Signal has warned users to look out for signs of scams, after Dutch intelligence said high-profile users of the secure messaging app were being targeted by hackers.
Dutch cybersecurity agencies said on Monday a Russia-backed campaign had targeted individual users of Signal, as well as WhatsApp.
They said this had seen hackers pose as support staff to try and obtain details that would give them access to accounts or hijack linked devices – with Dutch officials, military staff and civil servants among those targeted in the “global” campaign.
Signal says its systems remain secure but it is taking reports of such activity “very seriously”.
The campaign was identified by Dutch intelligence agencies, the Military Intelligence and Security Service (MIVD) and General Intelligence and Security Service (AIVD).
They said in a press notice, external the “large-scale global cyber campaign” appeared to target people of interest to the Russian state, such as government officials and journalists.
“It is not the case that Signal or WhatsApp as a whole have been compromised. Individual user accounts are being targeted,” said Simone Smit, AIVD director-general.
Signal reiterated this in a series of posts on X, external, stressing its systems “have not been compromised and remain robust”.
“These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts,” it wrote.
So-called phishing attacks see criminals attempt to convince users to part with passcodes, money or details about their identity – often by impersonating customer support agents, friends, family and celebrities.
In the campaign identified by Dutch intelligence agencies, hackers pretended to be Signal Support to try and get people to share account details.
Source: BBC News