A critical vulnerability in TeleMessage, a company that offers modified versions of popular encrypted messaging apps like Signal, Telegram, and WhatsApp, has been exploited by a hacker to extract sensitive data of US government officials and companies. According to a report by 404 Media, the hack exposed archived messages, contact information, and backend login credentials, among other sensitive data.

TeleMessage, an Israel-based company owned by Smarsh, provides its clients with a way to archive messages, including voice notes, from encrypted apps. The company came under scrutiny last week after it was reported that former US National Security Adviser Mike Waltz was using TeleMessage's modified version of Signal. While the messages of cabinet members and Waltz were not compromised, the hacked data contained contents of messages, contact information of government officials, and more.

The hack also revealed that the archived chat logs are not end-to-end encrypted between the modded version of Signal that TeleMessage offers and the ultimate location where it stores the messages. This lack of encryption raises serious concerns about the security of sensitive data handled by TeleMessage. The company's clients include government agencies, financial institutions, and other organizations that handle sensitive information.

The extracted data pertains to several high-profile organizations, including the US Customs and Border Protection, crypto exchange Coinbase, and financial service providers like Scotiabank. The implications of this breach are far-reaching, as it could compromise national security and put sensitive financial information at risk.

Notably, Smarsh, Signal, US Customs and Border Protection, Coinbase, and Scotiabank did not immediately return requests for comment on the matter. The lack of response from these organizations raises questions about their preparedness to handle such security breaches and their commitment to transparency.

This incident highlights the importance of robust security measures and encryption protocols in the handling of sensitive data. It also underscores the need for organizations to be transparent about their security practices and to take immediate action in the event of a breach. As the use of encrypted messaging apps continues to grow, it is essential that providers like TeleMessage prioritize security and protect their clients' data.

The full extent of the damage caused by this breach is still unknown, and it remains to be seen how TeleMessage and its clients will respond to this incident. However, one thing is clear: the security of sensitive data must be taken seriously, and organizations must be held accountable for any lapses in their security protocols.