Encrypted messaging app Alarm It is working on new security measures after reports that Russian state-backed hackers successfully stole nearly 300 user accounts in Germany.
“In the coming weeks, you’ll see us implement a number of changes to prevent these types of attacks,” Signal said. tweet on monday.
last week, news It became known that Russian hackers were able to take over the accounts of several high-profile politicians in Germany, including the speaker of the country’s parliament. The kidnappings affected at least 300 people in the country. according to German news website Mirror.
Signal noted that the encrypted messaging service has not been hacked. “The integrity of our encryption, infrastructure and application code has not been compromised,” said the non-profit Signal Technology Foundation.
Instead, suspected Russian hackers used phishing messages impersonating Signal Support. Contact victims assume the messages are legitimate, but are actually a trap to manipulate users into handing over a one-time authentication code, a Signal PIN, and even a backup recovery key that can later be used to access the user’s Signal account on a second phone.
European officials raised alarm bells The FBI followed up on the threat last month. But it seems the warnings weren’t enough to stop the hackers. Josh Rogin, global security analyst Washington Post, noted the same tactic has successfully targeted human rights activists opposed to the Chinese government.
This Tweet is currently unavailable. It is loading or deleted.
For now, Signal was mum on exactly how to counter the threat. The nonprofit noted that because Signal uses end-to-end encryption, it cannot collect any user data to reveal more technical details about phishing attacks.
However, Signal said: “While it’s true that all messaging platforms are vulnerable to scams and phishing that betray people’s trust and convince them to ‘unlock the front door’ where there is no back door, we do everything we can to help people avoid and detect these types of scams.”
“For now, please be careful of phishing and account takeover attempts,” Signal added. “Remember that no one from Signal Support will ever send you a message request or ask for your registration verification code or Signal PIN.”
Alarm support document too notes: “We do not communicate via in-app messages, phone calls, SMS or social media. We only communicate. via email with official @signal.org they will catch.”
About our specialist
Michael Kahn
Chief reporter
Experience
I have been a journalist for more than 15 years. I started as a school and city reporter in Kansas City and joined PCMag in 2017, covering satellite internet services, cybersecurity, computer hardware, and more. I currently live in San Francisco, but previously spent over five years in China covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing more than 600 stories on availability and feature launches, as well as regulatory battles over expanding satellite constellations, battles with rival providers like AST SpaceMobile and Amazon, and efforts to expand into mobile satellite-based service. I scoured FCC filings for the latest news and traveled to remote corners of California to test Starlink’s cell service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. in 2024 and 2025 The FTC forced Avast to pay $16.5 million for secretly collecting consumers’ personal information and selling it to third-party clients, as revealed in my joint disclosure investigation with the motherboard.
I also cover the PC graphics card market. Disadvantages during the pandemic he took me to the camp In front of Best Buy to get the RTX 3000. Now I’m watching how AI-based memory shortages affect the entire consumer electronics market. I’m always eager to learn more, so please leave feedback in the comments and send me tips.
Read Full Bio
