According to a report by 404 Media, a hacker has exploited a vulnerability in TeleMessage, a service that provides modified versions of secure messaging apps like Signal, Telegram, and WhatsApp.
TeleMessage, owned by Israel-based Smarsh, is used by government agencies and companies to archive messages from encrypted apps. These archived messages can include text, voice notes, and other data.
The breach exposed:
- Archived messages and chat content
- Contact details of U.S. government officials
- Login credentials for TeleMessage’s backend systems
- Data linked to U.S. Customs and Border Protection, Coinbase, and Scotiabank
Although the messages of former U.S. National Security Adviser Mike Waltz and other cabinet officials were not compromised, the report reveals that TeleMessage’s system does not use end-to-end encryption between the modded app and its servers, leaving sensitive data vulnerable.
As of now, Smarsh, Signal, Coinbase, Scotiabank, and U.S. government agencies have not responded to requests for comment.
