Signal offers many features that increase security for users enormously. But you have to know them and sometimes switch them on in Messenger.
For reasons of comfort and security, it makes sense to activate the so-called PIN for Messenger Signal. This number can not only be used to restore contacts and account settings if you lose or change your device.
Above all, the PIN is also the basis for a registration lock, which prevents strangers from registering with Signal with their own telephone number. Signal generally advises users to turn on the PIN and registration lock.
The messenger service is currently pointing out these security features because a service provider who checks telephone numbers for Signal was recently attacked. 1,900 numbers registered with Signal, including SMS verification codes, were fished out.
The attackers could not have gained access to chats, profile information or contact lists because this data is only stored locally on the device or can only be restored using a PIN (profile and contacts).
However, they could have re-registered phone numbers with the associated SMS verification numbers on other devices and then received and sent messages via the respective account. However, at most one of the 1900 numbers was re-registered. And even this alleged account takeover could have been prevented by an active registration block.
To be on the safe side, Signal has logged off all 1,900 affected accounts from all devices and asked their users to register again. Those affected should also have received an info SMS from Signal.
With the so-called two-step verification, Whatsapp offers a similar PIN protection against unauthorized registration of one’s own account. However, the PIN can be reset by email if you have forgotten it.
With Signal, the PIN cannot be reset or recovered. If you forget your PIN and your registration is blocked, your account will be blocked for seven days.