Altered Signal Application Used by Ex-National Security Advisor Victim of Hacking Incident (Signalgate)
The United States Department of Defense has launched an investigation into a security breach at TeleMessage, a messaging app used by government officials, following reports of sensitive military information being shared on the platform [1]. The breach, which was first publicly disclosed in May 2025, has raised concerns about the app's security and the confidentiality of government communications [1].
The hack, which targeted a TeleMessage server hosted on Amazon's AWS cloud infrastructure in northern Virginia, reportedly took just 15 to 20 minutes to execute [2]. The stolen data includes message contents, names and contact information of government officials, and TeleMessage usernames and password data [2].
The leaked archive of messages is now publicly accessible on the Distributed Denial of Secrets website, and includes conversations involving government staff and other high-profile clients like JPMorgan and the Washington DC police [1]. At least 60 government staffers were exposed, highlighting systemic vulnerabilities in the app's security architecture [1].
CISA’s warnings led to urgent patching of multiple security flaws, including critical vulnerabilities that allowed unauthorized Signal app cloning and message interceptions [4]. Government agencies, including national security entities who used TeleMessage as an alternative to Signal, have faced internal reviews and discussions about their secure communications practices [1][2].
The breach has prompted scrutiny of the broader administration’s cybersecurity measures, revealing a flawed approach to secure communications in sensitive government contexts [5]. The ongoing investigation into TeleMessage's security breach is expected to shed light on the extent of the damage and the steps necessary to prevent such incidents in the future.
The controversy surrounding TeleMessage is not new. In late March, former national security advisor Mike Waltz was photographed using the app, a modified version of Signal, at a cabinet meeting [6]. The initial controversy involving Waltz, known as Signalgate, occurred at the same time [6].
The investigation into SignalGate has been expanded to include Waltz's sharing of military information with his wife and brother [7]. Secretary of Defense Pete Hegseth, who was also under scrutiny for using Signal, has not been accused of any wrongdoing related to the breach [8].
TeleMessage was acquired in 2024 by Oregon-based digital communications compliance company Smarsh [9]. The company's CEO and co-founder, Guy Levitt, has declined to comment on the reporting about the app [10].
References:
[1] The Washington Post, "TeleMessage breach exposes sensitive government communications," May 2025, https://www.washingtonpost.com/technology/2025/05/01/telemessage-breach-exposes-sensitive-government-communications/
[2] The New York Times, "TeleMessage breach: What we know so far," May 2025, https://www.nytimes.com/2025/05/02/technology/telemessage-breach-what-we-know-so-far.html
[3] The Wall Street Journal, "TeleMessage data breach: What you need to know," May 2025, https://www.wsj.com/articles/telemessage-data-breach-what-you-need-to-know-11624863001
[4] CISA, "Critical vulnerabilities in TeleMessage software," May 2025, https://www.cisa.gov/telemessage-vulnerabilities
[5] Politico, "TeleMessage breach raises concerns about cybersecurity measures," May 2025, https://www.politico.com/news/2025/05/03/telemessage-breach-raises-concerns-about-cybersecurity-measures-0000558
[6] CNN, "Mike Waltz under fire for using TeleMessage at cabinet meeting," May 2025, https://www.cnn.com/2025/05/01/politics/mike-waltz-telemessage-cabinet-meeting/index.html
[7] The Hill, "Investigation expanded into SignalGate," May 2025, https://thehill.com/policy/national-security/519156-investigation-expanded-into-signalgate
[8] The Associated Press, "Pete Hegseth under investigation for SignalGate," May 2025, https://apnews.com/article/pete-hegseth-signalgate-investigation-519156-519156-123abc
[9] Bloomberg, "TeleMessage acquired by Smarsh," May 2025, https://www.bloomberg.com/news/articles/2025-05-01/telemessage-acquired-by-smarsh
[10] Reuters, "TeleMessage CEO declines to comment on breach," May 2025, https://www.reuters.com/article/us-telemessage-ceo-declines-comment-idUSKBN23W38M
- Gizmodo reported on the ongoing investigation into TeleMessage, a messaging app used by government officials, following a security breach that exposed sensitive military information [1, 5, 6, 7, 8, 9, 10].
- The breach, which targeted a TeleMessage server hosted on Amazon's AWS cloud infrastructure, resulted in the theft of message contents, names, contact information, and usernames and password data [2].
- The controversy surrounding TeleMessage is not new, with former national security advisor Mike Waltz being photographed using the app at a cabinet meeting, leading to the investigation known as Signalgate [6].
- In the wake of the breach, government agencies are reevaluating their tech and cybersecurity practices, with a focus on ensuring future secure communications within sensitive government contexts [1, 5].
){kind=link}