
Hackers are trying to steal Signal users’ backups in new wave of widespread attacks

Why This Matters

This new wave of hacking attacks highlights the ongoing cybersecurity challenges faced by encrypted messaging platforms like Signal. It underscores the importance for users to remain vigilant against phishing scams that attempt to steal sensitive backup recovery keys, which could compromise their privacy and security. For the tech industry, it emphasizes the need for continuous improvements in user authentication and scam prevention measures to protect user data.

Key Takeaways

Hackers are targeting Signal users in an attempt to steal their chat backups as part of a new hacking campaign, TechCrunch has learned.

On Wednesday, Washington Post analyst Josh Rogin posted a screenshot of a new kind of attack against Signal users, where hackers pretend to be the app’s support team and warn the target that their backed-up chats and media are “at risk of permanent loss due to a sync issue.” To avoid that, the message said, the target needs to share, in the chat with the hackers, the recovery key that is used to access their online backups.

“This links your existing backup to your account. Failure to do this may result in losing access to your account and all stored data,” read the message purporting to come from an account called Signal Support.

This is a phishing attempt. If you get this message on Signal, do not follow the instructions. Many anti-CCP activists have also received this phishing attempt. Beware and be aware. pic.twitter.com/8J1YDcpUAX — Josh Rogin (@joshrogin) May 27, 2026

Rogin said that several anti-Chinese Communist Party activists have received this malicious message.

Mohammed Al-Maskati, the director at Access Now’s Digital Security Helpline, which investigates cyberattacks against journalists, dissidents, and human rights activists, told TechCrunch that two people shared similar messages with him. Al-Maskati said that the two are not Chinese activists. This suggests that the hacking campaign could be more widespread and targeting other communities, or there may be different groups of hackers using the same strategy.

It’s not clear how effective the hacking campaign has been. Al-Maskati said that stealing the victim’s recovery keys for their chat backups is only one step in the attack, and that the hackers still have to take over the victim’s account.

“We’re working on mitigations here, and monitoring,” Signal president Meredith Whittaker told TechCrunch.

In general, this type of attack relies on phishing, meaning tricking targets into sharing important and private information with the hackers. In this particular case, the hackers are pretending to be Signal’s support team to exploit the target’s trust in the app and the organization behind it.

It’s important to note that Signal says it “will never reach out” to users first, and will never ask for their registration code, PIN, or recovery key. That means any chat purporting to come from “Signal Support” is actually coming from malicious hackers. The organization publicly warned about this exact type of attack last month.
