Congressman says hack of his Signal account proves app is unsecure. Is it true?

0
Congressman says hack of his Signal account proves app is unsecure. Is it true?

A Nebraska congressman is once again accusing the end-to-end encrypted messaging app Signal of being unsecure, weeks after initially revealing his account had been compromised by Russian hackers.

In a post on X, Rep. Don Bacon, the chairman of the House Armed Services Cyber, Information Technologies, and Innovation subcommittee, questioned the app’s security while weighing in on a story in The Atlantic regarding the use of Signal among Trump administration officials.

“Signal is not secure and not good for sensitive communications,” Bacon, a Republican who is not seeking re-election this year, wrote. “I was notified by law enforcement and House cyber experts that Russia hacked my Signal months ago.”

Bacon first revealed the hack during a cybersecurity conference last month in Washington, when he said he had been informed that Russian government-linked operatives had compromised his Signal account “four to five months” earlier.

In remarks to Politico at the time, Bacon said the hackers posed as a close acquaintance to take over his account. While details were scarce, the incident he described bears the hallmarks of a spearphishing attack.

FBI alert

Bacon’s tweet Wednesday came just days after the FBI issued an alert warning that Russian hackers have targeted “individuals of high intelligence value” through similar means. The FBI said the hackers posed as Signal customer support employees in order to trick targets into handing over their Signal backup recovery keys. That would enable a hacker to load a copy of a user’s messages onto a new device.

In April, the German news website Der Spiegel reported that the tactic had allowed the Russians to compromise more than 300 accounts in the country, including those of high-profile politicians. It remains unclear how many users the hacking campaign has compromised worldwide.

07 March 2026, Bavaria, Munich: The Signal app logo can be seen on the display of a smartphone on March 7, 2026, while a finger taps on the application icon. Signal is a free messenger for encrypted online communication from the US non-profit Signal Foundation. It is known above all for its data economy and end-to-end encryption and has been recommended several times by security experts and data protection organizations. (index finger, symbol image, symbol photo, illustration, symbolic photo, illustrative photo, theme image, general image, theme photo) Photo: Matthias Balk/dpa (Photo by Matthias Balk/picture alliance via Getty Images

Signal responded in March by introducing several new notifications, including one warning users that “Signal will never message you for a registration code, PIN or recovery key.”

Despite concerns over the safety of Signal, the hacks have relied entirely on tricking users, not on exploiting Signal’s security. No evidence has shown Signal’s end-to-end encryption to be compromised.

Bacon previously criticized Trump administration officials for using Signal, specifically after they shared sensitive war plans with a journalist last year, when he was inadvertently added to a Signal group chat with Defense Secretary Pete Hegseth, CIA Director John Ratcliffe and others.


Round out your reading

Ella Rae Greene, Editor In Chief

Leave a Reply

Your email address will not be published. Required fields are marked *