TechCrunch·

⚠️Hackers Target Signal Users for Backup Recovery Keys

Phishing Attack Targets Signal's Secure Backups Feature

TL;DR

A new phishing campaign targets Signal users, tricking them into sharing recovery keys used to access chat backups. This attack specifically aims at the 'Secure Backups' feature launched last year.

Hackers are targeting Signal users with a sophisticated phishing scheme aimed at stealing their recovery keys for Secure Backups. The attackers pose as Signal support and warn of data loss due to sync issues, urging victims to share their recovery key. This is particularly concerning because the recovery key is essential for accessing online backups containing older chats, photos, and documents. If you're an activist or part of a community that uses Signal heavily, be extra vigilant. The attack leverages social engineering tactics and could spread beyond its current targets.

Hackers Target Signal Users for Backup Recovery Keys — TechCrunch

Key Points

1

Phishing campaign targets Signal's 'Secure Backups' feature, launched last year.

2

Attackers pose as Signal support and warn of data loss due to sync issues.

3

Recovery keys are essential for accessing online backups containing older chats.

4

Signal warns users that they will never ask for registration codes or recovery keys.

5

This attack is a new tactic focusing on stealing backup access rather than account takeover.

Why It Matters

If you're using Signal's Secure Backups, this phishing campaign could compromise your backups. Activists and community members should be especially cautious as they are primary targets. The recovery key is the only way to access your online backups; losing it means losing access to your data.

signalphishingsecure-backupsrecovery-keysocial-engineering

Frequently Asked Questions

Why does this matter?

If you're using Signal's Secure Backups, this phishing campaign could compromise your backups. Activists and community members should be especially cautious as they are primary targets. The recovery key is the only way to access your online backups; losing it means losing access to your data.

What happened?

A new phishing campaign targets Signal users, tricking them into sharing recovery keys used to access chat backups. This attack specifically aims at the 'Secure Backups' feature launched last year.

Comments

Subscribe to join the conversation...

Be the first to comment

Enjoyed this article?

Get it daily. 7am. Free. Reads in 5 minutes.