A major security breach has compromised TeleMessage, a platform used by U.S. government officials and major corporations to archive communications from encrypted apps like Signal, WhatsApp, and Telegram. A hacker successfully exploited a vulnerability in the service to exfiltrate sensitive data, including archived messages, contact lists, and back-end login credentials, according to a report by 404 Media.
The Scope of the Breach
The incident has exposed data belonging to high-profile entities, including U.S. Customs and Border Protection, cryptocurrency exchange Coinbase, and financial institution Scotiabank. While reports indicate that the specific messages of cabinet members and former national security adviser Mike Waltz were not among those compromised, the sheer volume of harvested data presents a significant national security and corporate risk.
The breach highlights a critical flaw in how TeleMessage operates: the archived chat logs are not protected by end-to-end encryption during the transfer between the modified messaging app and the company’s storage servers. This structural weakness allowed the attacker to intercept and extract internal communications.
TeleMessage Under Scrutiny
TeleMessage, an Israel-based company currently owned by Smarsh, gained significant attention last week after it was revealed that officials like Mike Waltz relied on its modified version of Signal to maintain record-keeping compliance. The platform provides a bridge for government agencies and businesses to archive voice notes and messages from apps that would otherwise be ephemeral.
Smarsh Responds to Security Incident
Following the discovery of the intrusion, Smarsh confirmed that it has suspended all TeleMessage services while an external cybersecurity firm conducts a forensic investigation. The company stated that it acted immediately to contain the threat and emphasized that other Smarsh products remain unaffected by the incident.
Corporate Impact and Investigation
Coinbase, one of the affected organizations, issued a statement regarding the incident. A spokesperson for the exchange noted that the company is actively assessing the impact but clarified that there is no evidence of sensitive customer information being accessed. The firm stressed that it does not utilize the TeleMessage tool to share passwords, seed phrases, or other critical account access data.
As the investigation continues, other organizations involved, including U.S. Customs and Border Protection, Scotiabank, and representatives from Signal, have yet to provide official comments on the security failure.
