TeleMessage Hack Exposes Sensitive Government Communications

A cloned version of the Signal messaging app, TeleMessage, used by former U.S. National Security Adviser Mike Waltz and other officials, was hacked in under 30 minutes, exposing message contents, contact information, backend credentials, and data related to agencies such as Customs and Border Protection and companies like Coinbase. Although no cabinet-level communications were compromised, the breach raised major concerns about the security of government and corporate messaging. TeleMessage, rebranded as Capture Mobile, archives decrypted messages to comply with federal retention rules, but lacks the end-to-end encryption of official Signal, leaving logs vulnerable. The incident follows a separate mishap in which Waltz accidentally invited a journalist into a Signal chat discussing classified U.S. military operations in Yemen, an error that led to his dismissal. Experts criticize the use of unofficial messaging apps and warn that compliance-focused features can undermine security. Signal has publicly distanced itself from TeleMessage, emphasizing that it cannot guarantee privacy for unofficial clones.