(Credit: Win McNamee / Staff / Getty Images News via Getty Images)
UPDATE 5/6: Following 404Media's report, TeleMessage's parent company, Smarsh, temporarily disabled all of its services and removed mentions of Signal from the TeleMessage website.
"TeleMessage is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation," a Smarsh spokesperson tells CNBC. "Out of an abundance of caution, all TeleMessage services have been temporarily suspended."
Original Story 5/5:
The company that makes an unofficial version of Signal used by Trump administration officials has been hacked, 404Media reports.
Former National Security Advisor Mike Waltz was using a cloned Signal app developed by TeleMessage, an Israeli company that sells modified versions of messaging apps to the US government, which allow users to archive messages.
At a May 1 cabinet meeting, Waltz's phone was photographed open to TeleMessage. A closer look at the image suggests that Vice President JD Vance and Director of National Intelligence Tulsi Gabbard also use the app.
According to 404Media, the anonymous hacker failed to get access to messages shared by Waltz and other cabinet members. However, they did steal data related to Customs and Border Protection (CBP), cryptocurrency giant Coinbase, and other financial institutions that use clones.
Some of the stolen data includes names and contact information of government officials, indications of which government agencies and private companies might be using TeleMessage's services, and usernames and passwords for TeleMessage's backend panel.
The hacker even used the stolen credentials to send a message to a Signal group that was actively discussing the cryptocurrency bill. If they wanted to, they could have accessed more messages stored by TeleMessage, the report adds, raising concerns about the security of apps used by top US officials and the classification of messages they share.
"I would say the whole process took about 15-20 minutes," the hacker tells 404Media. "It wasn't much effort at all."
The report follows the "Signalgate" screw-up in March. Waltz accidentally added the Editor-in-Chief of The Atlantic, Jeffrey Goldberg, to a Signal group chat that discussed war plans in Yemen. Trump officials initially defended Waltz, but the Pentagon ordered an investigation.
Last week, Waltz was removed from his position as the National Security Advisor and appointed US ambassador to the United Nations, which President Trump says is an "upgrade."