Security Trybe

A response to recent reporting in Germany, in service of clarity and accountability: First, it’s important to be precise when it comes to critical infrastructure like Signal. Signal was not “hacked” — in that our encryption, infrastructure, and the integrity of the app’s code was not compromised. However, sophisticated attackers have engaged in a harmful phishing campaign, posing as “Signal Support” by changing their profile display name and using social engineering to trick people into handing over their credentials — information that allowed these attackers to take over some targeted Signal accounts. This is something that plagues any mainstream messaging app once it reaches the scale of Signal, but we know how high the stakes are given the trust people place in us. In the coming weeks, you’ll see us rolling out a number of changes to help hinder these kinds of attacks. Because we don’t collect user data, what we know about these attacks comes from the victims of phishing. And from what victims have told us, the attacks followed a broad pattern: after tricking people into revealing their Signal credentials, attackers then used those credentials to take over their account and also frequently changed the associated phone number. Because such a change results in de-registering your Signal accounts, attackers prepared people for this by telling them that being de-registered was intended behavior, and that all they would need to do is “re-register,” or, create a new account. When they moved to create a new Signal account — one that was now decoupled from their hijacked account — the victims thought they were logging back in to their primary account. As a result, many didn't notice the takeover. The compromised accounts were then weaponized to target the victims' contact lists by posing as the owners of the account. We understand the trust that people put in Signal, and how devastating this kind of social engineering can be. While it’s true that all messaging platforms are susceptible to scammers and phishing that betrays people’s trust and convinces them to “unlock the front door” where no backdoor exists, we are looking to do everything we can to help people avoid and detect such scams. For the time being, please stay vigilant against phishing and account takeover attempts. Remember that no one from Signal Support will ever send you a message request or ask for your registration verification code or Signal PIN. For an added layer of protection, you can enable Registration Lock in your Signal Settings (Account -> Registration Lock).

Edward Snowden said it the best: "When you say 'I don't care about the right to privacy because I have nothing to hide,' that's no different than saying 'I don't care about freedom of speech because I have nothing to say.'" "Simply because you are following the law, doesn't mean that you'll be exempt from governmental interference in your private life."

Proton CEO Andy Yen warns that mandatory online age verification could mean the death of anonymity online. He criticizes systems that force users to upload government IDs, passports, facial scans, or biometrics. These rules, Yen argues, would turn the internet into an ID checkpoint, they create massive databases vulnerable to breaches and enable government surveillance, censorship, and the erosion of free speech. Instead, he calls for privacy-first solutions: on-device age checks that verify without storing data, plus stronger parental controls at the device level.

“One may be lucky today, but tomorrow belongs to discipline.” ~ African Proverb

1/2‼️🇳🇬 The Oyo State Ministry of Trade, Industry, Investment and Cooperatives (oyostatecommerce) has allegedly been breached, with 275,000 commerce identity card images leaked on a popular cybercrime forum for free. ⠀ ‣ Threat Actor: AckLine ‣ Category: Data Leak ‣ Victim: Oyo State Ministry of Trade, Industry, Investment and Cooperatives ‣ Industry: Government / Commerce ⠀ The actor states the data was scraped roughly a year ago and that duplicates were not removed. The leak consists of ID card images issued to traders, farmers, artisans, and other commerce-registered individuals across Oyo State. ⠀ What's in it: ⠀ ▪️ 275,000 ID card images ▪️ Size: 21.5 GB compressed, around 70 GB extracted ▪️ Type: image files (commerce ID cards) ⠀ Fields visible on each card: ⠀ ▪️ Surname and other name ▪️ Date of birth ▪️ Gender ▪️ Business address ▪️ Occupation (farmer, artisan, videographer, phone engineer, etc.) ▪️ ID number ▪️ Card validity date ▪️ Photograph of cardholder

Shout out back to iProfessor! ‼️🇳🇬 Fast Credit Finance Company Limited (fastcredit-ng.com), a Nigerian licensed financial institution regulated by the Central Bank of Nigeria, has allegedly been breached, with 870 GB of loan and financial data up for sale on a popular cybercrime forum, limited to only 5 buyers. ⠀ ‣ Threat Actor: iProfessor ‣ Category: Data Sale ‣ Victim: Fast Credit Finance Company Limited ‣ Industry: Financial Services / Lending ⠀ The actor describes the leak as one of the biggest hacks executed within Nigeria's financial sector, dating the breach to April 2026. They note the dataset includes a significant number of Nigerian police officers and law enforcement personnel. ⠀ What's in it: ⠀ ▪️ 939,887 total records ▪️ 870 GB total size ▪️ Customer information ▪️ Identification documents and scans ▪️ Loan and credit transactions ▪️ Correspondence with customers ▪️ Bank statements ▪️ Contractual agreements ▪️ Next of kin details ▪️ Personal photographs and selfies ▪️ A range of other sensitive and confidential records ⠀ Fields / Content: ⠀ ▪️ Customer PII ▪️ Government-issued ID scans ▪️ Loan and credit transaction records ▪️ Customer correspondence ▪️ Bank statements ▪️ Contracts and agreements ▪️ Next of kin information ▪️ Photographs and selfies ▪️ Records tied to Nigerian police officers and law enforcement personnel

This really is one of the nicest things I've ever looked at.

World's Top 25 Most Common Passwords 1. 123456 2. 123456789 3. 12345678 4. password 5. qwerty123 6. qwerty1 7. 111111 8. 12345 9. secret 10. 123123 11. 1234567890 12. 1234567 13. 000000 14. qwerty 15. abc123 16. password1 17. iloveyou 18. 11111111 19. dragon 20. monkey 21. 123123123 22. 123321 23. qwertyuiop 24. 00000000 25. Password Source: NordPass (2024)

‼️🇳🇬 Approximately 25 million documents have allegedly been exfiltrated from the infrastructure of the Corporate Affairs Commission (CAC) of Nigeria, the government agency responsible for company registrations. ‣ Threat Actor: ByteToBreach ‣ Category: Data Breach ‣ Victim: Corporate Affairs Commission (CAC) / Nigeria Government ‣ Industry: Government ‣ Country: Nigeria ‣ Total Documents: ~25 million ‣ Free Download: 750 GB The threat actor provided 7 proof screenshots documenting the attack stages: ▪️ 1_BREAKTHROUGH ▪️ 2_ESCALATION ▪️ 3_TAKEOVER ▪️ 4_PORTALS ▪️ 5_FULL_ACCESS ▪️ 6_GOV_BETRAYAL ▪️ 7_EXFIL_TIME Around 25% of the files are described as simple corporate signatures, leaving more than 15 million documents of substance. The actor states they tried to upload as much as possible for free but server instability limited the free portion to 750 GB.

Hackers Join here

Set your reminder