TeleMessage suspends services after hackers say they breached app

TeleMessage, the app that President Donald Trump’s former national security adviser, Mike Waltz, appeared to use to archive his group chats, has suspended all services after hackers claimed to have stolen files from it.

A spokesperson for Smarsh, the company that owns TeleMessage, said Monday that the company “is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation.”

“Out of an abundance of caution, all TeleMessage services have been temporarily suspended,” the spokesperson said.

The app, which uses encryption technology similar to that of the popular messaging service Signal but also offers government agencies and companies a way to back up copies of chats for compliance purposes, first came under public scrutiny after Waltz appeared to be using it during a Cabinet meeting last week. 

His use of the app reignited concerns about the security of his communication methods that were sparked by the “Signalgate” controversy, in which he accidentally invited a journalist into a Signal chat of top administration officials as it planned military strikes on Houthis in Yemen. 

Signal automatically encrypts messages as they travel between users. But the details around TeleMessage’s encryption and security protocols aren’t fully clear.

Even though Signal is highly regarded by cybersecurity experts, the federal government has specific systems and protocols for the transmission of sensitive information and messages. Officials are expected to use intranet systems that are almost entirely closed off from the rest of the digital world, to prevent the potential breach of information via physical theft of a compromised mobile device.

Several government agencies, including the Department of Homeland Security, the Department of Health and Human Services, the Department of Treasury and the U.S. International Development Finance Corporation, appear to have active contracts with TeleMessage or other companies to use TeleMessage’s services, according to government records reviewed by NBC News.

On Sunday evening, a hacker credibly claimed to NBC News to have broken into a centralized TeleMessage server and downloaded a large cache of files. As evidence, the hacker provided a screenshot of TeleMessage’s contact list of employees at the cryptocurrency broker Coinbase, which uses TeleMessage.

A Coinbase spokesperson confirmed to NBC News that the screengrab was authentic, but stressed that Coinbase had not been hacked and that none of its customers’ data had been affected.

“At this time, there is no evidence any sensitive Coinbase customer information was accessed or that any customer accounts are at risk, since Coinbase does not use this tool to share passwords, seed phrases, or other data needed to access accounts,” the Coinbase spokesperson said.

The hacker told NBC News they have not fully sifted through the hacked files yet, and it is unclear if they include sensitive conversations from the U.S. government.

Separately, a different hacker told the tech news publication 404 Media that they had also hacked TeleMessage and provided significant evidence. NBC News has not interacted with that hacker.

It was not immediately clear if additional hackers have accessed TeleMessage files.