A communications app used by the Trump administration’s national security adviser has suspended services after it was allegedly hacked for the second time in 24 hours.
The app in question is TeleMessage, an Israeli-owned messaging service that provides access to modified messaging services, including a Signal clone, which was revealed to be used by US national security adviser Mike Waltz last week.
TeleMessage allows users to archive messages from these secure messaging services; however, its encryption and security measures aren’t particularly clear. While Signal also allows for message archiving, it encrypts each message as it travels from one user to another.
Just yesterday (5 May 2025), Smarsh, the company behind TeleMessage, reportedly suffered a cyber attack, according to 404Media, after a threat actor reached out claiming to have breached the app and exfiltrated data.
According to the hacker, speaking with 404Media, the data exfiltrated includes government official contact information, contents of messages for some users, usernames and passwords for accessing the TeleMessage back end, and hints as to what companies and government agencies may be using TeleMessage.
404Media said that the threat actor did not access all messages and user content but could have accessed more than they did if they wanted to, highlighting the security risk. The identity of the threat actor is unknown.
“I would say the whole process took about 15-20 minutes,” the threat actor told 404Media.
“It wasn’t much effort at all.”
The hacker reportedly used the compromised credentials provided in the sample to access the TeleMessage back end and exfiltrated data passing through its servers during the time of access. Some of this data included a US government discussion regarding a controversial cryptocurrency bill.
Just hours later, a second threat actor also claimed to have breached TeleMessage.
Speaking with NBC, a threat actor claimed to have breached a centralised TeleMessage server and exfiltrated a large cache of data. They also verified their claims with a screenshot of a TeleMessage contact list of employees at Coinbase, a cryptocurrency broker.
Coinbase verified the list but stressed it was not hacked.
“At this time, there is no evidence any sensitive Coinbase customer information was accessed or that any customer accounts are at risk, since Coinbase does not use this tool to share passwords, seed phrases, or other data needed to access accounts,” said a Coinbase spokesperson.
Smarsh has since announced that it has launched an investigation into the breaches.
“[Smarsh] is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation,” said a spokesperson.
“Out of an abundance of caution, all TeleMessage services have been temporarily suspended.”
In addition, US Customs and Border Protection has halted use of the app for the time being, according to the Department of Homeland Security.
“Following the detection of a cyber incident, CBP immediately disabled TeleMessage as a precautionary measure. The investigation into the scope of the breach is ongoing,” said a Homeland Security spokesperson.
TeleMessage user Waltz was previously caught up in a scandal being referred to as “Signalgate”, in which he and a number of other Trump administration senior staff accidentally leaked plans to launch strikes on Yemen to a journalist.
The editor-in-chief of The Atlantic, Jeffrey Goldberg, said he was sent a connection request by a user going by “Michael Waltz”.
Goldberg accepted the connection request despite not believing that the user was the real Michael Waltz.
Two days later, he was invited to a group chat called the “Houthi PC small group”, where it was revealed that the US was planning to launch strikes on Yemen. PC, in this case, refers to “principals committee”, which generally means a group of high-ranking, senior national security officials.
The issue has been highlighted as a major security concern, with lawyers concluding that Waltz may have violated the Espionage Act through the use of Signal for planning a national security-related action.
National security lawyers speaking with Goldberg said that US officials should not be creating Signal threads at all and that national security matters should be discussed in a sensitive compartmented information facility, or SCIF, something most high-ranking national security officials have in their own homes. The only alternative would be to use government equipment for communication.
Additionally, Goldberg noted that SCIFs do not allow mobile phones, suggesting the operation was discussed in a public space.
“Had they lost their phones, or had they been stolen, the potential risk to national security would have been severe,” Goldberg said.
Furthermore, Goldberg noted that the messages were set to disappear after either a week or four weeks, which may be a violation of federal records law as communications about official acts are required to be preserved.