Hackers breached Signal clone used by Trump admin, exposing archived U.S. government messages

Hackers have breached TeleMessage, an Israeli company that builds custom versions of messaging apps like Signal, WhatsApp, and Telegram for clients including the U.S. government. The stolen data includes the contents of some direct messages and group chats sent through these modified platforms, according to a report from 404 Media.

“The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump,” 404 Media reported.

According to WikiLeaks, the hacker gained access to TeleMessage’s backend admin panel using credentials pulled from previously intercepted data. The breach exposed archived chat logs and contact information tied to U.S. officials.

TeleMessage Hacked: Israeli Firm’s Modified Signal App Exposes Archived U.S. Government Messages

This isn’t just a case of a vendor being compromised. It highlights a deeper issue: the modified version of Signal used by some government agencies didn’t preserve the end-to-end encryption Signal is known for. Messages were reportedly unencrypted between the app and the archiving system controlled by TeleMessage customers. In plain terms, once stored, messages could be read.

The original Signal team distanced itself from the breach. In a statement to 404 Media, Signal said:

“We cannot guarantee the privacy or security properties of unofficial versions of Signal.”

The modified app was reportedly adopted by U.S. agencies during the Trump administration, though how widely it was used—or whether it’s still in use—is unclear.

The Israeli company behind the modified Signal app used by the Trump administration has been hacked.

TeleMessage’s backend panel was accessed using credentials found in intercepted data. The hacker exposed archived messages and contact info for U.S. officials.

The hack reveals… pic.twitter.com/UgEDJRrr3H

— WikiLeaks (@wikileaks) May 5, 2025

Screenshot of exposed government email addresses

TeleMessage promotes its tools as compliance solutions, designed to capture and store communications across platforms like WhatsApp, SMS, and Signal. These services appeal to sectors like finance and government, where message archiving is often required. But this breach shows that altering secure tools for compliance can introduce dangerous vulnerabilities, especially when backend systems are left exposed.

The hacker reportedly accessed data from the company’s Signal clone and from other modified apps, including Telegram, WhatsApp, and WeChat. Screenshots reviewed by 404 Media show references to U.S. Customs and Border Protection, Coinbase, and other financial organizations.

TeleMessage made headlines recently after Rep. Mike Waltz mentioned using the app during a cabinet meeting with then-President Donald Trump. Waltz’s contacts on the platform included figures like Marco Rubio, Tulsi Gabbard, and JD Vance. While the hacker didn’t access those specific conversations, the breach revealed that archived chats weren’t end-to-end encrypted after capture, meaning they were vulnerable to exposure inside the customer’s system.

This breach isn’t just a black eye for one tech vendor. It’s a warning: tweak a secure system for oversight, and you might just break the very protections that made it trustworthy in the first place.