The Digital Security Digest, by Freedom of the Press Foundation (FPF), is a weekly newsletter with security tips that keep you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

Attackers target Signal’s backup recovery keys

For months, we’ve seen example after example of hackers attempting to hijack Signal users’ accounts and communications. In this type of social engineering attack, hackers typically impersonate Signal itself by calling themselves “Signal Support” or a similar name. They then try to convince users that their account is at risk and tell them they need to type in a PIN sent to their phone or scan a QR code. In fact, following either of these “recovery” steps hands the attacker access to the target’s account.

TechCrunch reports a new spin on these scams. Attackers impersonate Signal’s support team and urge targets to fix an issue with how their app syncs messages and media. They tell users that all they have to do is go into settings, copy a backup recovery key, and paste it into a message to the attacker. If the attacker later gets access to the user’s account by recovering it with the account PIN, the stolen recovery key would also let them restore the user’s current messages from backup. Read more.

What you can do

  • Remember: Signal isn’t going to message you. Report and move on. Signal says, “If anyone contacts you within Signal claiming to be a chat bot, security, support or representative from Signal, it is a SCAM and phishing attempt.” There are many types of scams that people can run using Signal, but you don’t really need to know every version of these attacks to have a strong defense against them. If you encounter someone who is impersonating Signal Support, the simple thing to do is to just ignore their instructions and report them. Boom, you’re done.
  • Protect your account. It’s important to note that this backup recovery key attack is only one stage in a larger interception strategy. The “bad guys” would also need to hijack your phone number and then recover your Signal account in order to pull down your backed-up chats using a stolen recovery key. To help protect your account, you should always use a Signal recovery PIN and enable Registration Lock. This requires someone to have access to both your phone number and your PIN before they can access your account. To learn more about how to set up Registration Lock, read our guide to locking down Signal.
  • Keep your app up to date for new warnings. Signal is rolling out a number of changes to help educate users on fraudulent profiles and suspicious messages. As always, keep your apps up to date to get these added protections and more.
  • Spotlight the scammers. We collect examples like this to warn others, and to help keep other journalists safe. If you receive a message with someone claiming to be Signal support, don’t hesitate to share a screenshot with us: [email protected]

Updates from our team

  • Lawmakers across the U.S. are threatening to limit access to VPN providers in the name of age verification laws. Our senior advocacy adviser, Caitlin Vogus, and I wrote about why VPNs are critical tools for journalists. Next time you hear about curtailing your right to access VPNs, please share our post.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation