Major Security Breach: Hackers Compromise Signal Messenger Used by U.S. Officials
In a significant cybersecurity incident, hackers have breached TeleMessage, an Israeli company that provides modified versions of the Signal messenger and other communication applications to the U.S. government. According to a report by 404 Media, the attacker gained access to sensitive customer data, including information related to the U.S. Customs and Border Protection (CBP).
The hacker, who reached out to journalists, claimed that infiltrating the system was alarmingly simple and took merely 15 to 20 minutes, revealing serious vulnerabilities in the company’s infrastructure. The compromised data includes correspondence from both group and personal chats on modified versions of Signal, Telegram, and WeChat, raising critical concerns about the security of high-level communications.
Founded in 1999 and acquired by the American firm Smarsh in 2024, TeleMessage specializes in creating applications that archive messages to comply with U.S. data-retention laws, such as the Presidential Records Act. However, the archives are reportedly not protected by end-to-end encryption between the app and the final storage, leaving them susceptible to unauthorized access. Users of the app include prominent U.S. administration officials, such as former National Security Advisor Mike Waltz, Vice President J.D. Vance, and Director of National Intelligence Tulsi Gabbard. Notably, while the hacker did not access these individuals’ correspondence, the breach underscores the risks inherent in utilizing third-party software for sensitive communications.
The breach has raised alarms in Washington, particularly following a recent incident involving Waltz. A photo taken during a cabinet meeting on May 1, 2025, showed him using TM SGNL, a modified version of Signal, bringing TeleMessage under scrutiny. This incident follows the “SignalGate” scandal in March 2025, when Waltz inadvertently included a journalist from The Atlantic in a chat discussing military operations in Yemen. That leak, which exposed sensitive intelligence provided by Israel, had already strained relations with Israeli officials.
The current hacking incident amplifies fears that foreign intelligence agencies, including those from China and Russia, may have already accessed the archives, raising the stakes for U.S. national security.
A technical analysis by cybersecurity expert Micah Lee, published on micahflee, revealed alarming findings in the TM SGNL source code, including hardcoded credentials and other vulnerabilities, some of which were stored on GitHub. This analysis highlights the pressing need for robust cybersecurity measures, particularly for applications used by government officials handling sensitive information.


