A hacker exploited a compliance tool used to archive encrypted messages, exposing sensitive data tied to U.S. officials and major corporations.
A hacker exploited a vulnerability in TeleMessage, a platform that provides modified versions of encrypted messaging apps like Signal, Telegram, and WhatsApp, to access archived messages and other sensitive data. TeleMessage is widely used by government officials and companies to retain communications from encrypted platforms for compliance purposes. The breach was first reported by 404 Media and confirmed by a statement from Smarsh, the Israel-based parent company.
While high-profile users such as former U.S. national security adviser Mike Waltz were confirmed to have used the service, 404 Media noted that messages from cabinet members and Waltz himself were not compromised. However, the hacker did gain access to archived message contents, government officials’ contact information, and back-end login credentials for TeleMessage’s systems.
The breach also revealed a flaw: messages stored via TeleMessage’s modified Signal app were not end-to-end encrypted between the app and its storage destination. This effectively undermined the security typically associated with Signal. Data linked to U.S. Customs and Border Protection, Coinbase, and Scotiabank was among the information reportedly accessed.
In response, Smarsh suspended all TeleMessage services and launched an investigation with help from an external cybersecurity firm. The company stated that the incident was contained quickly and that other Smarsh services were unaffected.
Smarsh told TechCrunch: “Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation. Out of an abundance of caution, all TeleMessage services have been temporarily suspended.”
Requests for comment from Signal, U.S. Customs and Border Protection, and Scotiabank went unanswered at the time of reporting.
The breach demonstrates the risks of modifying secure apps for enterprise or government use, especially when those modifications interfere with core security features like end-to-end encryption. It also raises broader concerns about how sensitive government and corporate communications are archived, stored, and secured. As encrypted messaging becomes a fundamental part of official and private communication, the integrity of third-party compliance tools must be scrutinized. Without strong encryption throughout the data lifecycle, even the most secure apps can become vulnerable when modified or misused.
TeleMessage enables organizations to archive messages from encrypted apps like Signal and WhatsApp to meet legal and compliance requirements.
Encrypted apps don’t retain messages by default, so third-party tools like TeleMessage are used by businesses and government agencies to store records for audits, investigations, or legal obligations.
When tools alter the standard behavior of apps like Signal, they can bypass or strip away core security features, such as end-to-end encryption, during message capture or storage.
Poorly secured or misconfigured compliance tools can become a single point of failure, exposing entire troves of sensitive communications if breached.