(José Niño, Headline USA) A hacker has reportedly breached the TeleMessage, an Israeli firm that sells modified versions of Signal and other encrypted messaging apps—recently revealed to have been used by Trump’s former National Security Advisor Michael Waltz.
According to a report by 404 Media, stolen data from TeleMessage includes the contents of some direct messages and group chats, as well as contact details for government officials and backend login credentials.
While the hacker did not access all messages or those of cabinet members, the breach exposed serious vulnerabilities in a tool used to archive sensitive government communications.
As Headline USA previously reported, TeleMessage came under scrutiny after Waltz, the Trump administration’s former National Security Advisor, was photographed using the company’s Signal clone during a cabinet meeting with President Trump.
The app, which is designed to comply with legal requirements to archive messages, has been used by officials including Marco Rubio, Tulsi Gabbard, and JD Vance. The hack shows that the archived chat logs are not end-to-end encrypted between the modified app and the archive server, undermining the security of the platform.
The hacker told 404 Media, “I would say the whole process took about 15-20 minutes. It wasn’t much effort at all.” The breach included data related to Customs and Border Protection (CBP), Coinbase, and other financial institutions. One screenshot showed contact information for up to 747 CBP officials, while another listed Coinbase employees.
The hacker also accessed group chats discussing sensitive legislative efforts, such as a controversial cryptocurrency bill.
404 Media verified the data by contacting individuals named in the breach and using open-source intelligence tools to confirm phone numbers. The compromised server was hosted on Amazon AWS in Northern Virginia, and analysis of TeleMessage’s Android app confirmed it sent message data to this endpoint.
TeleMessage’s business model involves modifying popular encrypted messaging apps to send copies of messages to a remote server for archiving. While the company claims its apps maintain Signal’s security, the breach proves otherwise.
“The only difference is the TeleMessage version captures all incoming and outgoing Signal messages for archiving purposes,” a company video states. However, security experts warn that adding a third party to store messages inherently weakens security.
“We cannot guarantee the privacy or security properties of unofficial versions of Signal,” a Signal spokesperson previously told 404 Media. The White House has previously stated that Signal is an approved app for government use, but the use of modified versions raises concerns about data security.
The hacker said he targeted TeleMessage out of curiosity about its security.
“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said. TeleMessage has since suspended its services, and parent company Smarsh has engaged an external cybersecurity firm to investigate.
Public procurement records show TeleMessage has contracts with multiple U.S. government agencies, including the State Department and the CDC. The breach highlights the risks of using modified versions of secure messaging apps for sensitive communications.
The hack serves as a stark reminder that third-party archiving can undermine even the most secure messaging platforms.
José Niño is the deputy editor of Headline USA. Follow him at x.com/JoseAlNino
