A vulnerability in TeleMessage, a messaging service providing modified versions of popular encrypted apps such as Signal, Telegram, and WhatsApp, has been exploited by a hacker, reportedly compromising archived communications and sensitive data connected to several U.S. government officials and major corporations.
The security breach, first reported by 404 Media, allowed the attacker to extract messages, backend credentials, and contact information. While data from officials such as former U.S. national security adviser Mike Waltz and cabinet members was not compromised, the leak included chat logs from the U.S. Customs and Border Protection service, cryptocurrency exchange Coinbase, and financial institutions, notably Scotiabank.
TeleMessage, an Israeli firm operated by its parent company Smarsh, gained prominence when it emerged that senior U.S. officials, including Waltz, used it for archiving encrypted communications. However, the hack exposed weaknesses in its security infrastructure, specifically revealing that archived messages were not end-to-end encrypted during transmission to their final storage locations.
Responding swiftly to the incident, Smarsh confirmed that TeleMessage’s services have been temporarily suspended while an external cybersecurity firm conducts an investigation. In a statement, Smarsh reassured clients that the breach was contained quickly once identified, emphasizing, “All other Smarsh products and services remain fully operational.”
Coinbase separately addressed concerns about client safety, saying in a statement that it was actively assessing the implications of the breach but saw no indication that sensitive Coinbase customer information had been compromised. The exchange added it did not utilize TeleMessage to manage passwords, seed phrases or other critical account details.
Other organizations linked to the compromised data, including Signal, U.S. Customs and Border Protection, and Scotiabank, did not immediately comment on the incident.