TeleMessage provides users with the ability to archive their chats in secure messaging apps. However, a hacker reportedly discovered that the archived chat logs are not end-to-end encrypted, which enabled them to gain access to certain message contents, contact information of government officials, and credentials for the service’s backend.
While the hacker did not obtain messages from Waltz or other cabinet members, screenshots of the retrieved data viewed by 404 Media revealed the names, phone numbers, and email addresses of Customs and Border Protection officials. When 404 Media contacted some of these numbers, one individual reportedly confirmed their name matched the hacked information, and another’s voicemail also included a matching name.
Following Waltz’s use of TeleMessage, 404 Media noticed that the company “wiped its website,” which previously had details about its services, the capabilities of its apps, and sometimes even direct downloads for the archiving applications. The stolen data also supposedly contained details about the crypto exchange Coinbase and the Canadian financial institution Scotiabank.
The Verge reached out to TeleMessage’s parent company, Smarsh, with a request for more information but didn’t immediately hear back.
