28.05.2025 08:09

The Signal Chat Saga: A Tale of Blunders, Hacks, and Broken Encryption Promises

The story of a Signal group chat, where top U.S. officials discussed plans for strikes on Houthi targets in Yemen, has become a case study in operational clumsiness.

The chat, meant to be a secure space for senior Trump administration figures, inadvertently included The Atlantic editor-in-chief Jeffrey Goldberg, exposing sensitive military plans. Even more alarming was the use of a public commercial app for such classified discussions — a decision that raised eyebrows across Washington. While the incident initially sparked outrage, the controversy was quickly downplayed.

On May 1, 2025, National Security Adviser Mike Waltz, who added the journalist to the chat, was ousted from his role.

That same day, he was photographed using a modified version of Signal called TM SGNL, developed by the Israeli company TeleMessage, reigniting concerns about the security of government communications.

TeleMessage markets modified versions of popular messaging apps — Signal, Telegram, WhatsApp, and WeChat — tailored for corporate and government use.

The company claims these versions are safer and compliant with stringent security policies, boasting the same end-to-end encryption as the original apps to ensure the privacy of communications. However, this promise unraveled spectacularly in early May 2025.

On May 4 and 5, TeleMessage’s servers were breached by two separate hackers, with one revealing to Micah Lee of Distributed Denial of Secrets that the hack took less than 20 minutes due to a basic misconfiguration.

Lee’s subsequent analysis of TM SGNL’s source code, published on May 6, confirmed a damning truth: the app lacked end-to-end encryption, despite TeleMessage’s claims, sending messages to an archive server in plaintext and making them accessible to the company.

The fallout deepened on May 19 when DDoSecrets published 410 GB of server heap dumps from the May 4 hack, further exposing TeleMessage’s security flaws. The dumps contained plaintext messages, definitively proving the absence of the promised encryption.

Due to the sensitive nature of the data, which includes personally identifiable information, DDoSecrets restricted access to journalists and researchers, removing message texts from the shared dataset.

However, the leak revealed that numerous U.S. officials, including Director of National Intelligence Tulsi Gabbard and Vice President JD Vance, had used TM SGNL, raising fears of a national security crisis.

Senator Ron Wyden called TeleMessage a “serious threat to U.S. national security,” urging the Department of Justice to investigate.

Given DDoSecrets’ radical commitment to transparency, the potential for more leaks looms large. With such high-profile figures involved, the stage is set for a wave of new scandals as the unencrypted chats of government officials could soon surface.

This saga underscores a harsh lesson: when it comes to secure communications, trusting third-party claims without rigorous vetting can lead to catastrophic breaches — especially when national security is on the line.

