Severity
High
Analysis Summary
A data breach at Twilio, a cloud communications firm, at the beginning of the month exposed the phone numbers of almost 1,900 Signal users.
Twilio offers phone number verification services to Signal, and this recent security compromise affected some users of the popular instant-messaging app.
The communications company announced that data belonging to 125 of its customers had been exposed after hackers used text messages with malicious links to breach Twilio staff members’ accounts.
Signal released a user advisory detailing how the Twilio incident affected them. The company assured users that their message histories, contact lists, profile details, blocked users, and other sensitive information remained private and safe and were unaffected.
However, for about 1,900 Signal users, the Twilio attacker may have had access to their phone numbers and could have sought to register them to another device.
The company is alerting the 1,900 impacted users and is encouraging them to re-register Signal on their devices. Users who have received an SMS message from Signal that includes a link to a help article must follow the steps it describes.
Hackers obtained access to Twilio’s customer support console, allowing them to check whether a phone number was associated with a Signal account or whether the SMS verification code for registration was revealed.
“During the window when an attacker had access to Twilio’s customer support systems it was possible for them to attempt to register the phone numbers they accessed to another device using the SMS verification code. The attacker no longer has this access, and the attack has been shut down by Twilio.” – Signal concluded.
According to the experts, the attacker specifically searched for three numbers, and one of those three users reported that their account had been re-registered to Signal.
“We recommend that users turn on registration lock for their Signal accounts. An additional layer of verification is added to the registration process when you use an optional registration lock along with your Signal PIN. To do this, navigate to Signal Settings (profile) > Account > Registration Lock.”
Impact
- Information Theft
- Data Breach
Remediation
- Open Signal on your phone and re-register your Signal account if prompted.
- It is strongly advised that you enable registration lock in the app’s Settings to better safeguard your account.