{"id":58021,"date":"2026-04-28T09:08:30","date_gmt":"2026-04-28T07:08:30","guid":{"rendered":"https:\/\/aboutsignal.com\/?p=58021"},"modified":"2026-04-28T09:39:35","modified_gmt":"2026-04-28T07:39:35","slug":"signal-responds-to-reports-no-hack-but-targeted-phishing-campaign","status":"publish","type":"post","link":"https:\/\/aboutsignal.com\/de\/news\/signal-responds-to-reports-no-hack-but-targeted-phishing-campaign\/","title":{"rendered":"Signal responds to reports: no hack, but targeted phishing campaign"},"content":{"rendered":"

Following recent reporting in Germany, Signal has issued a detailed response to clarify the situation and address concerns about its security. The non profit organisation stresses that Signal itself was not hacked, and that encryption, infrastructure, and the integrity of the app’s code was not compromised. <\/strong><\/p>\n\n\n\n

Instead of a technical breach, the incident involved a sophisticated phishing campaign. Attackers posed as \u201cSignal Support\u201d by changing their profile display name and using social engineering techniques to gain trust. Victims were manipulated into sharing sensitive information such as verification codes, which enabled attackers to take over their accounts. <\/p>\n\n\n\n

The use of the term \u201chack\u201d in some reports is therefore misleading, as there was no intrusion into Signal’s technical infrastructure. <\/p>\n\n\n\n

How the attack unfolded<\/strong><\/h2>\n\n\n\n

Because Signal doesn’t collect user data, much of its understanding of the attacks comes directly from those who were targeted. <\/p>\n\n\n\n

Based on victim reports, Signal describes a clear pattern in how the attacks were carried out. After gaining access to login credentials, attackers would take control of the account and often change the linked phone number. Victims were told that being logged out was expected behavior and were encouraged to \u201cre-register.\u201d Believing they were restoring access, they unknowingly created new accounts while their original ones remained compromised. As a result, many didn’t notice the takeover, allowing attackers to use hijacked accounts to contact people in their networks.<\/p>\n\n\n\n

New changes to help hinder attacks<\/h2>\n\n\n\n

Signal acknowledges that phishing and social engineering affect all major messaging platforms. However, the organisation notes that the consequences are particularly serious given the high level of trust users place in its service.<\/p>\n\n\n\n

The incidents highlight a broader reality in cybersecurity: even strong technical defenses can’t prevent attackers from exploiting human behavior.<\/p>\n\n\n\n

In response, Signal says it will roll out new measures in the coming weeks to help prevent and detect phishing attempts. Specific details have not yet been disclosed.<\/p>\n\n\n\n

Stay alert<\/h2>\n\n\n\n

Signal urges users to remain cautious and aware of potential scams. It reiterates that Signal Support will never ask for verification codes or PINs through messages. Users are also encouraged to enable Registration Lock (Settings > Account > Registration Lock) to add an extra layer of protection.<\/p>\n\n\n\n

For those who want more information about how attackers work and how to protect yourself on Signal, read our article: Phishing-Versuche auf Signal \u2013 Wie sie funktionieren und wie du dich sch\u00fctzen kannst<\/a>.

Signal’s full response can be read on social media Bluesky<\/a>, Mastodon folgst<\/a> und X reagiert<\/a>.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\n

A response to recent reporting in Germany, in service of clarity and accountability: \n\nFirst, it\u2019s important to be precise when it comes to critical infrastructure like Signal. Signal was not \u201chacked\u201d \u2014 in that our encryption, infrastructure, & the integrity of the app\u2019s code was not compromised. 1\/<\/p>— Signal (@signal.org<\/a>) 27 april 2026 om 22:53<\/a><\/blockquote>