TeleMessage Breach Reveals Flaws in Secure Archiving

A hacker has breached TeleMessage, a firm that provides modified versions of encrypted messaging apps like Signal, Telegram, and WhatsApp, gaining access to sensitive message archives and user data tied to U.S. government officials and major corporations. The breach, first reported by 404 Media, raises serious concerns about the security of archived communication data.

TeleMessage, an Israel-based company owned by Smarsh, offers tools that allow organizations to store and monitor messages from encrypted apps. This service is commonly used to meet compliance requirements in regulated industries. However, the recent hack shows that these modded apps may introduce new risks, especially when used by high-profile clients.

Archived Messages Not End-to-End Encrypted, Hacker Gains Backend Access

The breach has raised red flags about how TeleMessage handles data. According to 404 Media, the hacker accessed a range of sensitive content, including:

  • Contents of archived messages
  • Contact details of U.S. government officials
  • Backend login credentials for TeleMessage systems
  • Data linked to clients such as U.S. Customs and Border Protection (CBP), Coinbase, and Scotiabank

Although the messages of former National Security Adviser Mike Waltz and cabinet members were not compromised, the exposed data still includes confidential communication and operational details from multiple government and financial entities.

One of the most troubling discoveries was that messages archived from Signal using TeleMessage’s modded version were not end-to-end encrypted. This means that the archived logs—stored for compliance—can potentially be intercepted or viewed in transit or storage.

Security experts argue that this undermines the very principle of using encrypted apps in the first place. Modding Signal or other secure apps removes many of the safeguards built into their architecture.

Fallout for TeleMessage and Its Clients

The breach places scrutiny on both TeleMessage and its parent company, Smarsh, which specializes in digital compliance tools. It also puts pressure on major clients to reassess their communication security protocols.

404 Media noted that TeleMessage came into the spotlight last week when it was revealed that Mike Waltz was using the company’s modified version of Signal. The U.S. government and agencies like CBP, as well as private-sector firms like Coinbase, use these tools to ensure legal and financial communications are archived according to regulations.

However, the hacker’s findings cast doubt on whether these tools are secure enough for sensitive government use. Experts warn that while compliance is important, it shouldn’t come at the cost of security vulnerabilities introduced by third-party modifications.

Despite multiple requests for comment, Smarsh, Signal, CBP, Coinbase, and Scotiabank have not responded as of publication.

Cybersecurity analysts say this incident highlights a broader issue: when encrypted apps are modified for business or legal use, they may become less secure. Organizations should evaluate whether their archiving tools are worth the trade-off in security, especially when handling government or financial data.

The breach is a reminder that compliance-friendly communication tools must be vetted not only for functionality but for security integrity. As more organizations rely on modded apps for legal archiving, this hack could be a turning point in how secure messaging platforms are adapted for enterprise use.
