Last Wednesday, former national security advisor Mike Waltz was photographed at a cabinet meeting using TeleMessage, a modified version of Signal, the encrypted messaging app that has been the source of much ire for the Trump administration. TeleMessage’s key modification to Signal (and other end-to-end encrypted messaging apps like WhatsApp, Telegram, and WeChat) is that it archives messages, putting it in compliance with data retention laws for federal employees. But just because it supports compliance, doesn’t mean it’s secure.
After receiving a wave of media coverage last week, TeleMessage was hacked, 404 Media reported on Sunday. The hacker told 404 that he was able to breach and steal customer data “in 15 to 20 minutes,” including messages sent via the app’s Signal clone. The data includes message contents, the names and contact information of government officials, and TeleMessage usernames and password data. While Mike Waltz’s messages were reportedly not breached, US Customs and Border Protection, Coinbase, and Democratic legislators were reportedly compromised.
Some of the stolen messages were particularly timely. A chat called GD Crypto (apparently related to the crypto firm Galaxy Digital) revealed discussions between the firm and prominent Democrats regarding opposition to the GOP-led effort to create a regulatory framework for stablecoin issuers. One message read: “Just spoke to a D staffer on the senate side – 2 cosponsors (alsobrooks and Gillibrand) did not sign the opposition letter, so they still think the bill has a good chance…” On Saturday, a group of nine Democrats explained their opposition to the bill in a public statement. In accordance with the messages on GD Crypto, Maryland Senator Angela Alsobrooks and New York Senator Kirsten Gillibrand did not sign off on the statement.
The hacker described the whole endeavor as “not much effort at all” to all 404. But even their relatively gentle efforts revealed critical vulnerabilities in the app. And the implications are much broader than Mike Waltz. According to public records, TeleMessage has contracts with dozens of government bodies, including the State Department and the Department of Homeland Security. And the Reuters photograph of Waltz revealed that he was messaging other Trump cabinet members, capturing threads labeled “JD Vance,” “Rubio,” and “Gabbard.” While it’s not clear whether those users were on Signal or TeleMessage, either is possible.
Further, 404 was able to verify that the TeleMessage server that was compromised is hosted on Amazon’s AWS cloud infrastructure in northern Virginia. As 404 points out, simply introducing a third-party server for storage doesn’t preserve the security of end-to-end encryption offered by Signal. And it’s slightly mortifying that all it took for a skilled hacker to confirm this reality was, in the end, “not much effort.”
TeleMessage app was founded in Israel in 1999 and acquired in 2024 by Oregon-based digital communications compliance company Smarsh. TeleMessage Chief Executive and co-founder Guy Levitt declined to comment on 404’s reporting.
Perhaps Waltz was using the tool to message encouragements to Marco Rubio, who stepped in as interim national security advisor in place of Waltz, who was removed from that post last Thursday. President Trump nominated Waltz to serve as the next US ambassador to the United Nations. This transition comes, of course, in the aftermath of “Signalgate,” a series of controversies precipitated by Waltz accidentally inviting The Atlantic’s editor in chief, Jeffrey Goldberg, to a Signal group chat in late March. “Houthi PC Small Group” chat members, including Secretary of Defense Pete Hegseth, discussed a military strike in Yemen as Goldberg watched the messages and their real-life consequences unfold live.
In a continuation of Signalgate, Hegsgeth came under scrutiny again last month, when the Washington Post reported that he not only had Signal installed on his phone, but that he also used a so-called unsecured internet line to bypass Pentagon security and install Signal on a desktop computer.
In early April, the Department of Defense announced it would launch an investigation into SignalGate. That endeavor is still ongoing, and was recently expanded to include Hegsgeth’s use of the app to share military information with his wife and brother.
