Hackers Breach Signal Clone Used By Trump Administration, Exposing Archived U.S. Government Messages


In a significant cybersecurity incident with potential national security implications, hackers have breached TeleMessage, an Israeli company that provides modified versions of popular encrypted messaging apps, including a Signal clone reportedly used by high-ranking Trump administration officials. The breach, which occurred earlier this week, has exposed archived government messages and raised serious questions about the security of communications at the highest levels of the U.S. government.

The Breach

According to reports from tech news outlet 404 Media, a hacker gained access to TeleMessage's backend systems and extracted sensitive data, including archived messages from the company's modified Signal app and other messaging platforms like WhatsApp, Telegram, and WeChat. The hacker claims they were able to breach the system in just "15 to 20 minutes," suggesting significant vulnerabilities in the platform's security infrastructure.

"It wasn't much effort at all," the hacker told 404 Media. "If I could have found this in less than 30 minutes then anybody else could too."

In response to the breach, Smarsh, the Oregon-based company that acquired TeleMessage in 2024, has temporarily suspended all TeleMessage services and launched an investigation with the help of an external cybersecurity firm.

What Was Exposed

While the hack reportedly did not compromise messages from cabinet members or Trump administration officials directly, it did expose:

  • Archived chat logs from various organizations
  • Contact information of U.S. government officials
  • Backend login credentials for TeleMessage's systems
  • Data related to the U.S. Customs and Border Protection agency
  • Information from cryptocurrency exchange Coinbase and other financial institutions

Perhaps most concerning, the breach revealed that archived chat logs were not end-to-end encrypted between the modified version of Signal and the archive destination controlled by TeleMessage customers, creating a significant security vulnerability.

The Signal Clone at the Center of Controversy

TeleMessage's modified version of Signal, known as "TM SGNL," made headlines last week when a Reuters photograph showed former National Security Adviser Mike Waltz using the app during a cabinet meeting. The image revealed message threads with contacts labeled "JD Vance," "Rubio," and "Gabbard" - seemingly referring to Vice President JD Vance, Secretary of State Marco Rubio, and Director of National Intelligence Tulsi Gabbard.

TeleMessage markets itself as a compliance solution for government agencies and businesses that need to archive communications while maintaining security. The company claims its modified apps preserve the security features of the original applications while adding archiving capabilities to meet regulatory requirements.

However, the official Signal team has distanced itself from the modified version. In a statement to 404 Media, Signal noted: "We cannot guarantee the privacy or security properties of unofficial versions of Signal."

The Signalgate Connection

This breach comes on the heels of what has become known as "Signalgate," a major political scandal from March 2025 when Waltz inadvertently added Jeffrey Goldberg, editor-in-chief of The Atlantic, to a Signal group chat discussing military operations against Houthi targets in Yemen.

That incident triggered congressional inquiries and raised serious questions about the administration's handling of sensitive information. Days after the Signalgate controversy, President Trump reportedly discouraged staff from using Signal. Yet the Reuters photograph from last week's cabinet meeting suggested that administration officials, including Waltz, had continued to use messaging apps for sensitive communications - albeit with the TeleMessage version that supposedly addressed record-keeping requirements.

Technical Vulnerabilities

Software engineer and journalist Micah Lee, who analyzed the source code of the TM SGNL app after it was leaked online, found several vulnerabilities, including hardcoded credentials. These security flaws potentially made the app an easier target for hackers.

TeleMessage's version of Signal works by creating a modified clone of the open-source app. While the official Signal app ensures that only the sender and intended recipient can read messages through end-to-end encryption, TeleMessage's version appears to add a third party to conversations so it can send messages to a storage archive.
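
As an added illustration (not TeleMessage's code and not taken from the reporting): one way an archiving client can keep the archive copy unreadable on the vendor's relay is to seal it on the device to a public key whose private half exists only at the customer's archive. The function names, the X25519/HKDF/AES-256-GCM construction and the sample message are assumptions made for this example.

```javascript
const crypto = require('crypto');
// Derive the AES-256-GCM key from the X25519 shared secret, bound to the ephemeral key.
function deriveKey(shared, ephPubDer) {
  return Buffer.from(crypto.hkdfSync('sha256', shared, ephPubDer, 'archive-copy-v1', 32));
}

// Runs on the phone: seal the archive copy to the customer's archive public key.
function sealForArchive(archivePublicKey, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const shared = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: archivePublicKey });
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(shared, ephPub), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { ephPub, iv, ct, tag: cipher.getAuthTag() };
}

// Runs at the customer's archive, the only place the private key exists.
function openAtArchive(archivePrivateKey, env) {
  const ephKey = crypto.createPublicKey({ key: env.ephPub, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: archivePrivateKey, publicKey: ephKey });
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(shared, env.ephPub), env.iv);
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.ct), d.final()]).toString('utf8');
}

// What someone with access to the vendor's relay sees: the stored bytes, nothing else.
function relayCanRead(storedBytes, needle) {
  return Buffer.from(storedBytes).includes(Buffer.from(needle, 'utf8'));
}

// Constructed sample message and key pair, for illustration only.
function demo() {
  const archive = crypto.generateKeyPairSync('x25519');
  const msg = 'constructed sample: meeting moved to 14:00';
  const env = sealForArchive(archive.publicKey, msg);
  const sealedStore = Buffer.concat([env.ephPub, env.iv, env.ct, env.tag]);
  const tampered = { ...env, ct: Buffer.from(env.ct) };
  tampered.ct[0] ^= 1; // one flipped bit on the relay must fail authentication
  let tamperDetected = false;
  try { openAtArchive(archive.privateKey, tampered); } catch (e) { tamperDetected = true; }
  return {
    plaintextRelayLeaks: relayCanRead(Buffer.from(msg, 'utf8'), 'meeting moved'),
    sealedRelayLeaks: relayCanRead(sealedStore, 'meeting moved'),
    archiveRecovers: openAtArchive(archive.privateKey, env) === msg,
    tamperDetected,
  };
}
console.log(demo());
```

With this layout a compromise of the relay yields only ciphertext, while the archive still receives a complete, verifiable copy for record-keeping.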

"The only difference is the TeleMessage version captures all incoming and outgoing Signal messages for archiving purposes," the company claims in its promotional materials. However, the hack revealed that these archives were not properly secured.

Government Contracts and Usage

TeleMessage has had contracts with the U.S. government that predate the current Trump administration. According to NBC News, one current contract allocated $2.1 million from the Department of Homeland Security and FEMA for "TELEMESSAGE MOBILE ELECTRONIC MESSAGE ARCHIVING," beginning in February 2023 with an August 2025 end date.

Tom Padgett, president for enterprise business at Smarsh, told NBC News that the company works with "the federal government in a myriad of different departments" and that "we merely help our customers adhere to regulations."

National Security Implications

The breach raises serious concerns about the security of high-level government communications and the potential exposure of sensitive information. While there's no evidence that classified information was directly compromised in this particular breach, the incident demonstrates how altering secure tools for compliance purposes can introduce dangerous vulnerabilities.

The irony is striking: in attempting to address one concern (record-keeping requirements), the modified app may have created a more significant security risk by breaking the end-to-end encryption that made Signal secure in the first place.

Waltz's Status

This breach comes at a pivotal moment for Mike Waltz, who was recently removed as National Security Adviser. On May 2, President Trump announced that he would nominate Waltz to serve as the next U.S. Ambassador to the United Nations. The timing has raised questions about whether Waltz's continued use of messaging apps for sensitive communications, despite the previous Signalgate controversy, may have contributed to his reassignment.

Broader Cybersecurity Questions

This incident highlights the tension between security and compliance in government communications. U.S. government officials are required to preserve their communications to comply with data retention laws. However, those laws create a challenge when officials also have to adhere to stringent security protocols.

Cybersecurity experts warn that modifying secure applications, even for legitimate compliance purposes, can introduce critical vulnerabilities. As one tech analyst put it: "Tweak a secure system for oversight, and you might just break the very protections that made it trustworthy in the first place."

What's Next

The full impact of this breach is still unfolding. Smarsh and TeleMessage are continuing their investigation, and there may be congressional inquiries into the security practices of high-ranking government officials.

This incident serves as a stark reminder of the challenges in balancing security, privacy, and regulatory compliance in an increasingly digital government - and the potentially serious consequences when that balance isn't maintained.


This article was produced based on reporting from multiple sources including 404 Media, Reuters, TechCrunch, SiliconANGLE, and Tech Startups.
