Signal warns users after Russian hackers compromise accounts

Warning comes after more than 300 users had accounts compromised in a phishing campaign

Signal, the encrypted messaging app, has warned users to be vigilant against attempts to phish their accounts.

The non-profit's warning came after German news publication Der Spiegel reported over the weekend that at least 300 people in Germany, including politicians, had had their accounts compromised by Russian operatives.

The report comes a month after intelligence agencies warned that Russian state‑backed hackers were targeting Signal and WhatsApp as part of a global cyber campaign aimed at government officials, military personnel and journalists.

In a series of posts on social media, Signal clarified that the app had not been hacked, in that its code and infrastructure had not been compromised. However, it added: “Sophisticated attackers have engaged in a harmful phishing campaign, posing as ‘Signal Support’ by changing their profile display name and using social engineering to trick people into handing over their credentials.”

This information allowed the attackers to take over a number of targeted Signal accounts. In some cases, they changed the phone number associated with the account, which automatically de‑registers it. The fake Signal Support operatives told victims this was expected behaviour and that they should “re‑register”. In reality, this created a new account, meaning many victims did not notice the change. Meanwhile, the attackers were able to use the compromised accounts to impersonate victims and harvest their contact lists.

Signal, which is end‑to‑end encrypted and does not store user data, is frequently used by journalists, activists and politicians who need to keep their messages and contacts private.

“We understand the trust that people put in Signal, and how devastating this kind of social engineering can be,” the company said.

“While it’s true that all messaging platforms are susceptible to scams and phishing attacks that betray people’s trust and convince them to ‘unlock the front door’ where no backdoor exists, we are committed to doing everything we can to help people avoid and detect such scams.”

Signal did not provide details of the planned measures but said it would be “rolling out a number of changes to help hinder these kinds of attacks” in the coming weeks.

In the meantime, users are advised to remain vigilant against phishing attempts, avoid handing over PINs and verification codes, and enable Registration Lock in the app’s settings.