Israeli Messaging App Used by Former Trump Adviser Mike Waltz Hacked, Says Report

• A hacker has breached TeleMessage, a modified version of Signal, and stolen customer data.
• The attacker accessed some users’ archived group chats and direct messages.
• This breach has raised significant concerns about the security of communication channels used at the highest levels of government.

A modified version of the encrypted messaging platform Signal, reportedly used by former National Security Adviser Mike Waltz, has been hacked. The compromised platform, TeleMessage, is a communication tool tailored for government use, designed to archive messages for regulatory compliance. 

The hacker, whose identity remains unknown, claimed to have infiltrated TeleMessage's backend systems, intercepting data from some of its users’ archive group chats and direct messages. The information was stolen from the Signal clone, but also from altered WhatsApp, Telegram, and WeChat versions.

Screenshots acquired by 404 Media reportedly reveal details linked to U.S. Customs and Border Protection (CBP), Coinbase, and several financial institutions. 

Importantly, however, the hacker stated that they did not access messages of top officials, including Waltz, or his communications with others like Senator Marco Rubio and Representative Tulsi Gabbard.

TeleMessage recently gained unwanted attention after Waltz, during a cabinet meeting with former President Trump, was photographed using the platform to exchange sensitive information about U.S. military operations in Yemen. 

Compounding the controversy, Waltz accidentally added a journalist to a confidential chat group regarding these military updates. He was subsequently dismissed from his role, further fueling criticism over communication protocols within government offices.

Unlike Signal, which uses end-to-end encryption to ensure communications remain private even from servers that route the messages, TeleMessage’s design compromises these protections. Built to archive decrypted communications for regulated entities and government compliance, its system introduces a level of vulnerability.

Experts have warned that these additional layers, while addressing documentation requirements, risk creating exploitable entry points when improperly implemented.

Signal itself released a statement reiterating that unauthorized versions of its app, such as TeleMessage’s modified system, inherently lack Signal’s robust privacy guarantees. Security advocates are alarmed by the evident vulnerability in platforms used for sensitive government communication, particularly given the high stakes attached to breaches in such data. 

Attempts to obtain comments from TeleMessage's parent company, Smarsh (based in Portland, Oregon), Waltz, or relevant White House officials have so far gone unanswered, Reuters says. Reuters has been unable to independently verify the details provided by 404 Media.