The story so far: Russia-based hackers targeted high-profile users in Germany, according to reports from the German media over the past few weeks. Der Spiegel reported that 300 Signal accounts belonging to politically connected individuals were attacked. On May 7, the German outlet said the Signal attacks show that “Putin’s agents in Germany act so brazenly.” Such cyber-attacks were seen as an attack on Signal itself. But the attackers actually used social engineering tactics that depended on the victims’ compliance; it was not a structural breach of Signal’s end-to-end encryption.
Was Signal hacked by attackers?
It is important to distinguish a hacked platform from a hacked user account. In this case, some users were deceived by malicious actors through phishing attacks: a type of cyber-attack that tricks victims into giving up private security data like passwords or PIN numbers.
Signal explained that the attackers changed their own profile pictures and pretended to be part of Signal’s support team in order to steal user credentials. After this, they took over the victim’s account, changed their phone number, and convinced victims that being de-registered was part of this process. This led to victims losing access to their Signal account and being moved to another one, without realising what was happening to their accounts. Then, the attackers impersonated the victim and tried to target those in the victim’s contact list.
While Russia-based cyber-attacks carried out on end-to-end encrypted platforms like Signal, Telegram, and WhatsApp are not new, Signal receives special attention as the application is known for its security-focused infrastructure. Its users include government officials, journalists, activists, and others who handle sensitive information. In 2025, for example, there was an uproar after Jeffrey Goldberg, editor-in-chief of the Atlantic outlet, was added to a Signal chat where senior U.S. government officials were discussing bombings and diplomatic relations.
In February 2026, a Google Threat Intelligence Group report stated that targets for Russian espionage actors were not just Ukrainian tech users, but also international allies of Ukraine.
Meanwhile, The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) listed potential targets such as current and former U.S. government officials, military personnel, political figures, and journalists. The U.S. advisory stated that there had been unauthorised access to thousands of user accounts.
What was Signal’s response?
Signal promised to roll out measures to help protect users from such phishing attempts, sparking questions about whether messaging platforms or users should be held accountable in the case of social engineering attacks. Some social media users questioned why the attackers were allowed to impersonate official Signal handles, while others wanted to understand why government officials did not receive better cybersecurity training or access to more secure, non-Signal communication platforms.
On May 12, Signal introduced extra confirmation steps and educational messaging in the app to help users detect fraudulent profiles. The features include “Name not verified” profiles labels, a new confirmation step for message requests, detailed safety tips, and reminders to not trust senders pretending to be from Signal.
The platform has warned users to be vigilant about phishing attacks and account takeover attempts. The company reminded users that no legitimate member of its support team would send message requests or ask for credentials such as their registration verification code and Signal PIN.
Signal account-holders can also make use of the Registration Lock feature via their settings; this enables users to set a PIN for account registration purposes, in addition to SMS-based verification.
“While it’s true that all messaging platforms are susceptible to scammers and phishing that betrays people’s trust and convinces them to “unlock the front door” where no backdoor exists, we are looking to do everything we can to help people avoid and detect such scams,” stated Signal.
How can users protect themselves?
Unlike cyber-attacks that try to breach a platform’s underlying technology, social engineering attacks can be launched with far less technical skill. Rather than destabilising a secure system, they target specific individuals, small groups, or select victims’ accounts. Social engineering attacks involve communication-based tactics such as manipulating the victim, assessing their psychological weaknesses, issuing threats, evoking sympathy, impersonating others, or sending persuasive messages containing harmful links.
The FBI also shared safety advice in its March advisory that warned about ongoing phishing campaigns by cyber actors associated with the Russian Intelligence Services (RIS). It further noted that on the basis of reporting, threat actors specifically targeted Signal accounts.
Some basic security tips they shared include stopping all communication on messaging apps after suspecting a scam, blocking and reporting unknown messages, verifying with friends through alternative channels after receiving “odd” requests from them, enabling message expiration features, screening unknown links before clicking them, monitoring group chat lists for duplicate accounts, and reporting security incidents without delay.
However, a flood of Generative AI tools such as chatbots, deepfake image generators, and voice cloning apps have made it easier than ever for attackers to launch social engineering attacks and for underprepared users — especially children, the elderly, or the vulnerable — to be turned into victims.
Published – May 16, 2026 08:31 am IST
