An encrypted messaging app used by the Trump administration temporarily suspended its operations Monday after suffering a massive hack.
TeleMessage, a platform that archives messages sent through apps like Signal, became headline news last week when it was used by recently ousted national security adviser Mike Waltz during a Cabinet meeting. A photo of Waltz’s TeleMessage inbox showed threads with Vice President JD Vance, State Secretary Marco Rubio, and National Intelligence Director Tulsi Gabbard.
“TeleMessage is investigating a recent security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation,” a company spokesperson told the Daily Beast. “Out of an abundance of caution, all TeleMessage services have been temporarily suspended.”
404 Media first reported the TeleMessage breach, verifying screenshots and information directly from the hacker.
Although the hacker did not obtain messages exchanged by Cabinet members, they gained access to data held by Customs and Border Protection, cryptocurrency firm Coinbase, and financial institutions like Scotiabank, highlighting the risks of adding an archiving feature to secure end-to-end encrypted messaging apps like Signal.
“I would say the whole process took about 15-20 minutes. It wasn’t much effort at all,” the hacker told 404Media. “If I could have found this in less than 30 minutes, then anybody else could too. And who knows how long it’s been vulnerable?”
A Signal spokesperson told the tech news website that it “cannot guarantee the privacy or security properties of unofficial versions of Signal.”
TeleMessage is an Israeli-founded platform acquired by the U.S. company Smarsh last year. Smarsh says it allows customers in the public and private sectors to archive mobile communications and voice data, “making them searchable and producible on-demand for audits and investigations.”
An archived version of the TeleMessage website, which was scrubbed at the start of the month, says it “captures & records Signal calls, messages, deletions, including text, multimedia, files.”
Signal became the center of controversy in March when The Atlantic editor in chief Jeffrey Goldberg revealed in a bombshell report that Waltz accidentally added him to a group chat of high-profile national security officials discussing a military strike in Yemen.
Waltz was booted as national security adviser in the wake of the scandal, though President Donald Trump said he would be nominated as U.S. ambassador to the United Nations instead.
The White House has repeatedly defended top officials’ use of Signal, arguing that it is approved for government use. Trump, however, sang a different tune in a recent interview with Goldberg.
“I think we learned: Maybe don’t use Signal, okay?” he told The Atlantic last month. “If you want to know the truth. I would frankly tell these people not to use Signal, although it’s been used by a lot of people. But, whatever it is, whoever has it, whoever owns it, I wouldn’t want to use it.”
