Hack of TeleMessage Signal Clone Exposes U.S. Officials’ Data and Deepens “SignalGate” Fallout

A hacker has breached TeleMessage, the Israeli-built service that supplies modified versions of Signal, WhatsApp and other popular messengers to U.S. government agencies. The intrusion gave access to portions of TeleMessage’s unencrypted archive files, exposing message content, login credentials and the personal contact details of Customs and Border Protection (CBP) officials, among others.

Why TeleMessage Matters

TeleMessage’s selling point is an “archive-first” rebuild of encrypted chat apps. Instead of true end-to-end encryption, every message is silently copied to a central server so departments can meet federal record-keeping rules. Critics say that design trade-off also creates a single point of catastrophic failure—exactly what appears to have happened.

The Waltz Connection

TeleMessage vaulted into the headlines after a Reuters photograph showed recently ousted National Security Adviser Mike Waltz checking his phone during a cabinet meeting; the zoomed-in image clearly displayed TM SGNL, TeleMessage’s Signal clone. Waltz was already under scrutiny for accidentally adding The Atlantic’s editor-in-chief to a Signal group chat that discussed imminent U.S. air-strikes on Houthi militants in Yemen—a blunder that forced the White House to reshuffle its national-security team and sparked a Pentagon inspector-general investigation into off-books messaging.

What the Hacker Found

The attacker extracted:

  • Unencrypted logs of some direct and group messages

  • API keys and administrator passwords for TeleMessage’s backend

  • Names, government e-mail addresses and mobile numbers of CBP personnel

Reporters rang several of the listed numbers; two officials confirmed their identities, corroborating the data’s authenticity. Although no messages belonging to Waltz or cabinet-level figures were in the cache, cybersecurity analysts warn that the exposed system credentials could have enabled far deeper surveillance if left undiscovered.

Corporate Silence and a Vanishing Website

Soon after journalists asked TeleMessage for comment, the company scrubbed its website of product descriptions and direct-download links. By Monday evening, parent firm Smarsh announced it was “temporarily suspending all TeleMessage services while we conduct a thorough investigation,” but declined to confirm how many clients were affected. TeleMessage’s apps are not authorised under the U.S. government’s FedRAMP cloud-security programme, raising questions about procurement channels that allowed the software onto senior officials’ devices at all.

Wider Repercussions

The breach comes as Defence Secretary Pete Hegseth faces his own inquiry over extensive use of standard Signal chats—including one that featured his wife—to coordinate sensitive Pentagon business. Together, the incidents have fuelled bipartisan calls on Capitol Hill for a unified, government-wide secure-messaging platform and harsher penalties for officials who sidestep official systems.

What Happens Next?

  • The Department of Homeland Security has begun notifying CBP employees whose details were exposed and is assessing whether operational information was compromised.

  • Smarsh says an outside forensics team is “on site” and will report findings to the Cybersecurity and Infrastructure Security Agency.

  • House Oversight Committee chair Rep. Sheila Jackson Lee has scheduled a 15 May hearing titled “Shadow Comms: The Perils of Rogue Encryption Clones in Federal Service.”

Bottom Line

TeleMessage pitched itself as a compliance fix for the modern encrypted workplace. Instead, its design opened a backdoor that an opportunistic hacker—and, potentially, hostile intelligence services—could walk right through. For Washington, already reeling from the SignalGate saga, the lesson is blunt: bolting an archiving engine onto consumer apps may satisfy paperwork rules, but it shreds the very security those apps were chosen for in the first place.

Photo Credit: DepositPhotos.com
