DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage
a year ago
- #encryption
- #cybersecurity
- #data-breach
- DDoSecrets published 410 GB of data hacked from TeleMessage, an Israeli firm that modifies messaging apps like Signal, WhatsApp, Telegram, and WeChat to archive messages centrally.
- The data contains sensitive PII, so DDoSecrets is sharing it only with journalists and researchers.
- The timeline of events includes Mike Waltz using TeleMessage's modified Signal (TM SGNL), TeleMessage getting hacked twice in May, and revelations that TeleMessage lied about end-to-end encryption.
- A vulnerability in TeleMessage's server allowed Java heap dumps containing plaintext chat logs to be downloaded via a public URL.
- The released heap dumps include plaintext messages and metadata like sender/recipient info, timestamps, and group names.
- DDoSecrets has extracted text from the heap dumps to facilitate research.
- The author is investigating the data and highlights DDoSecrets' impactful work, urging donations.