Signal Clone Used By Trump Officials Reportedly Breached — Hacker Says It Took 20 Minutes

A hacker breached TeleMessage, a government-approved messaging app used by Trump administration officials, exposing archived communications from the platform’s modified version of Signal, 404 Media reported.

TeleMessage modifies popular encrypted apps like Signal, WhatsApp and Telegram to comply with federal archiving rules, and was recently thrust into the spotlight after former National Security Advisor Mike Waltz was photographed using the service at a cabinet meeting. The breach allowed the attacker to extract sensitive data belonging to Customs and Border Protection (CBP) officials, cryptocurrency exchange Coinbase and crypto lobbyists involved in promoting legislation in the Senate, according to the outlet. (RELATED: Trump Nominates Mike Waltz For UN Ambassador, Confirms He’ll No Longer Serve As National Security Advisor)

“I would say the whole process took about 15-20 minutes,” the hacker told 404 Media. “It wasn’t much effort at all … If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?”

The hacker reportedly did not access messages belonging to cabinet officials or Waltz himself.

The data reportedly includes group chat contents, direct messages, phone numbers, email addresses and internal credentials scraped from TeleMessage’s backend system. One exposed conversation, allegedly tied to crypto firm Galaxy Digital, revealed real-time discussions about legislative whip counts for a cryptocurrency bill — chatter that included mentions of Democratic Senators Angela Alsobrooks and Kirsten Gillibrand, the outlet reported.

The breach, reportedly hosted through a vulnerable Amazon Web Services endpoint, appears to have exposed select communications from multiple federal agencies and financial institutions. One screenshot, verified by 404 Media, listed nearly 750 names and contact details associated with CBP. Another reportedly displayed metadata from Coinbase and Scotiabank, including contact information of current and former employees.

TeleMessage, a subsidiary of U.S.-based Smarsh headquartered in Israel, markets itself as a “secure, compliant messaging solution” for archiving encrypted communications. But by inserting a third-party archive server between sender and recipient, the company seems to have effectively stripped Signal of its core privacy feature: end-to-end encryption. TeleMessage scrubbed its website following media coverage about the reported breach, web archives confirm.

The report compounds ongoing scrutiny of Waltz, who made headlines last month for accidentally adding Atlantic editor-in-chief Jeffrey Goldberg to a Signal group chat discussing U.S. military activity in Yemen. The photo of Waltz using the app in the White House first tipped reporters off to TeleMessage. (RELATED: White House Confirms Hegseth, Waltz & Co. Accidentally Leaked War Planning To Journalist)

Neither TeleMessage nor the White House immediately responded to the Daily Caller News Foundation’s request for comment. Anna Kelly, deputy White House press secretary, previously told NBC News “Signal is an approved app for government use” but didn’t clarify whether modified versions like TeleMessage’s fall under that umbrella.

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact [email protected].