DDoSecrets Adds 410GB of TeleMessage Breach Data to Index
DDoSecrets indexes 410GB of breached TeleMessage data, including messages and metadata, from hack tied to unsecured Signal clone used by US government officials.
On the 4th of May 2025, TeleMessage, an Israeli company providing modified versions of encrypted messaging apps like Signal, suffered a major data breach. The breach exposed archived messages, contact information of government officials, and backend login credentials.
The hacker, whose identity is still unknown, exploited a vulnerability in the company’s system, accessing a publicly exposed Java heap dump file that contained sensitive information. This incident raised serious concerns about the security of communications at the highest levels of the United States government, especially since former National Security Advisor Mike Waltz was seen using TeleMessage’s TM SGNL app during a cabinet meeting.
Following the breach, TeleMessage temporarily suspended its services and removed references to the app from its website. The company’s parent organization, Smarsh, is reportedly rebranding the service as Capture Mobile.
The incident has prompted investigations into the security practices of TeleMessage and the potential risks associated with using modified messaging apps for official government communications.
CISA Added TeleMessage Vulnerability to KEV List
In response, on 13 May 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added the critical vulnerability in TeleMessage’s TM SGNL messaging app to its Known Exploited Vulnerabilities (KEV) catalogue.
This vulnerability, identified as CVE-2025-47729, involves the storage of unencrypted message archives, allowing attackers to access plaintext chat logs. Despite a low CVSS score of 1.9, the flaw’s exploitation in the wild prompted CISA to mandate that federal agencies address the issue within three weeks, either by applying vendor-provided mitigations or discontinuing the use of the product.
DDoSecrets Indexes TeleMessage Breach Data
Now, Distributed Denial of Secrets (DDoSecrets), a nonprofit focused on sharing leaked and hacked data in the public interest, has added the full set of breached TeleMessage data to its online archive.
In a post on Telegram, the organisation said the data includes some plaintext messages, while other parts consist only of metadata like sender and recipient info, timestamps, and group names. To make the material easier to analyze, DDoSecrets also extracted readable text from the original heap dump files.
However, because the dataset contains personal information and includes messages unrelated to government or corporate activity, access is currently limited to journalists and researchers.
Screenshot from DDoSecrets’ Telegram account (Credit: Hackread.com)
As of now, Hackread.com has not received a response to its request for access to the data. Nevertheless, the indexing of the TeleMessage data adds to the company’s troubles. Weeks after the breach, its website still shows limited content, and operations are still suspended.