Sensitive communications linked to senior U.S. government officials have been exposed after pro-transparency collective Distributed Denial of Secrets (DDoSecrets) published a massive archive of breached data from TeleMessage’s secure messaging app, TM SGNL.
The breach, dated May 4, 2025, targeted Israel-based TeleMessage, which develops TM SGNL—a modified Signal-like platform widely used within U.S. federal agencies for secure communication. According to DDoSecrets, over 410 gigabytes of data from the hack have now been made publicly accessible.
Breach Exploited Missing Encryption in Government Messaging App
Security researchers and transparency advocates were already watching TeleMessage closely after it emerged that former National Security Adviser Mike Waltz had continued to use the app despite signs it was compromised.
The breach exploited a critical vulnerability in TM SGNL’s architecture: a lack of proper end-to-end encryption, which allowed attackers to intercept and access stored chat logs, message metadata, and application heap dumps.
Security experts note that the absence of end-to-end encryption in a messaging app used by top U.S. officials represents a significant lapse in operational security. The platform’s modified design likely removed key protections available in the original Signal protocol.
Two Hacks Within Days, Exploiting the Same Flaw
Reports suggest two separate intrusions occurred within a short timeframe, both believed to have exploited the same underlying weakness. The attacks resulted in the compromise of archived message data, including plaintext messages, metadata, sender/recipient information, group names, and timestamps.
While not all content was in readable form, DDoSecrets stated that it had extracted usable text from the breached heap dumps to facilitate further analysis by researchers.
DDoSecrets Publishes the Dataset, Restricts Full Access
On May 19, 2025, DDoSecrets announced that it had published the full 410 GB data dump online via its public archive. However, due to the inclusion of personally identifiable information (PII) affecting private individuals unrelated to government activity, full access to the dataset is restricted to vetted journalists and researchers.
“Some of the archived data includes plaintext messages while other portions only include metadata,” DDoSecrets stated. “To facilitate research, Distributed Denial of Secrets has extracted the text from the original heap dumps.”
The breach raises critical questions around supply chain security, government software procurement, and the use of modified encryption technologies that fall short of contemporary cybersecurity standards.
TeleMessage Contracts and Government Use Under Scrutiny
Although TM SGNL’s use by U.S. agencies came under scrutiny recently, contracts with TeleMessage date back to at least 2023, well before the current administration. The firm’s messaging services appear to have been widely adopted across agencies dealing with sensitive national security communications.
Given the breach’s exposure of internal discussions—allegedly including deliberations around airstrikes in Yemen—concerns about both the security and oversight of government communication platforms have grown.
No formal response from TeleMessage or affected agencies has been issued as of this writing. The identity of the threat actor remains unconfirmed.