TeleMessage lets users archive their chats in secure messaging apps. However, the hacker reportedly found that TeleMessage’s archived chat logs aren’t end-to-end encrypted, allowing them to access the contents of certain messages, government official contact information, and login credentials for the service’s backend.
Though the hacker didn’t obtain messages from Waltz or other cabinet members, screenshots of the stolen data seen by 404 Media show the names, phone numbers, and email addresses of Customs and Border Protection officials. When 404 Media called some of these phone numbers, one person reportedly said their name was the same as the information in the hacked data, while another’s voicemail recording also contained a matching name.
After Waltz was spotted using TeleMessage, 404 Media found that the company “wiped its website,” which previously “contained details on the services it offers, what its apps were capable of, and in some cases direct downloads for the archiving apps themselves.” The hacked data also reportedly included information about crypto exchange Coinbase and Canadian financial institution Scotiabank.
The Verge reached out to TeleMessage’s parent company, Smarsh, with a request for more information but didn’t immediately hear back.
