According to the company, the phone numbers of 1,900 users could have been exposed in a phishing attack on Signal’s verification services provider. According to a blog post by Signal, the attacker may have also obtained the SMS verification code used to register with the company.
It said in a statement, ‘An attacker may have attempted to re-register their number to another device or discovered that their number was registered to Signal’. Signal and Twilio Inc, which has over 256,000 businesses as customers, are investigating the attack.
Last year, the Chinese Communist Party blocked the messaging app in the country in an attempt to tightly control the flow of information. According to the mobile app analytics firm Sensor Tower, Signal has been installed approximately 58.6 million times worldwide since 2014.