A copy of Signal messaging app used used by Donald Trump's advisers hacked

On 4 May 2025, an anonymous hacker reported to the media that he had gained access to sensitive data of members of the US government on TeleMessage, an Israeli instant messaging application that acts as an extension of Signal. The gateway to this incident was the publication of photographs showing former national security adviser Mike Waltz using TeleMessage.

Although the Signal application implements end-to-end encryption for communications, TeleMessage stores copies of already decrypted messages, which opened the door to this security breach. The attacker indicates that he managed to break into the system with relative ease and gained access to archived chats, although he also claims that his intention was only to assess the security of the software. Among the compromised information, names, contact details, control panel passwords and other sensitive information were accessed. Screenshots leaked by the hacker show that institutions such as Customs and Border Protection (CBP), cryptocurrency firm Coinbase and other financial institutions were linked to the exposed data.

The main problem is that TeleMessage interferes with the secure encryption offered by Signal by adding a third party to the communication. This system stores messages on external servers after they have been decrypted, in an attempt to comply with government regulations on the retention of communications. However, by not applying strong encryption to these copies, they become an easy target for cybercriminals.

The hacker was thus able to demonstrate that these files were not properly protected and points out the risks of using tools that alter the security of applications designed to keep communications private.