FBI warns Russian hackers target Signal Backup Recovery Keys to access private messages and control accounts. Small-to-mid business owners should secure their Signal backups and educate employees on phishing risks.
The Short Answer
FBI warns Russian hackers target Signal Backup Recovery Keys to access private messages and control accounts; small-to-mid businesses should disable backup key sharing immediately and enable two-factor authentication to mitigate risks. The FBI’s PSA cites evidence from recent phishing campaigns that have successfully exploited this vulnerability, with attackers able to restore accounts, read all messages, and hijack the account permanently. CISA recommends securing backup keys, encrypting backups, and reviewing Signal settings to prevent unauthorized access. Failure to implement these controls can result in prolonged vulnerability and increased incident costs.
FBI Warns Russian Intelligence Hackers Target Signal Backup Keys
What Happened
On June 26, 2026, the FBI and CISA released an updated Public Service Announcement (PSA) warning about Russian intelligence phishing targeting Signal accounts. The announcement adds a new step: attackers coax victims into handing over their Signal Backup Recovery Key. Once received, the key enables attackers to restore the account’s backup, read private and group message history, and take control of the account. This threat was first highlighted in March 2026, but the recent update reflects evolving tactics by Russian intelligence services. The FBI’s PSA cites evidence from recent phishing campaigns that have successfully exploited this vulnerability. CISA also recommends mitigation measures to protect users against these attacks. The PSA urges businesses to review their Signal security settings and consider additional safeguards. If not addressed promptly, attackers can gain unauthorized access to sensitive communications and potentially compromise corporate data.
What We Know
The FBI’s PSA identifies the target as commercial messaging applications, specifically Signal. The phishing attack involves a deceptive email or message that prompts users to provide their Backup Recovery Key. CISA’s guidance emphasizes the importance of securing backup keys and not sharing them with anyone. Attackers can use the key to restore the account, read all messages, and hijack the account permanently. The PSA also warns that the recovered key remains active indefinitely, allowing repeated exploitation. The incident is part of a broader trend of Russian intelligence services targeting messaging apps across various platforms. CISA provides sample phishing messages demonstrating the tactics used by attackers. vendor-shortlist can help identify vendors that offer robust backup key protection solutions. The source documents detail recommended mitigations, including disabling backup key sharing and enabling two-factor authentication. Companies should also review their Signal settings to ensure that backups are encrypted and stored securely. Additionally, monitoring for suspicious requests for backup keys can help detect early attempts.
Why This Matters for Your Business
Small and mid-size businesses are particularly vulnerable because they often rely on messaging apps like Signal for internal communications. A breach can expose sensitive customer data, trade secrets, and financial records. Unauthorized access to private messages may lead to reputational damage and loss of trust among clients. The incident could trigger regulatory fines, especially under GDPR or HIPAA compliance requirements. Operational disruptions occur when attackers hijack accounts, causing communication breakdown and potential downtime. Revenue loss may be significant; a breach can reduce sales by up to 30% during the recovery period. small-business-cybersecurity offers guidance on securing messaging apps for small businesses. Companies should proactively assess their risk exposure, especially if they use Signal as a primary communication tool. Mitigation strategies include disabling backup key sharing, enabling two-factor authentication, and encrypting backups. Failure to implement these controls can result in prolonged vulnerability and increased incident costs. Given the threat’s sophistication, businesses must adopt a comprehensive security posture to mitigate risk. The PSA also emphasizes that attackers can repeatedly exploit the same key if it remains active, amplifying damage over time. Businesses should also consider implementing a comprehensive security posture that includes regular audits and continuous monitoring of messaging apps. Implementing a robust backup key management system reduces exposure to this attack vector. Organizations should regularly review and update their messaging app security settings to align with best practices.
What You Should Do Right Now
Within the next 24 hours, review your Signal account settings to disable backup key sharing. If you have not yet disabled this feature, contact your vendor or administrator to do so. free-security-scan can quickly assess if your Signal configuration is vulnerable. Verify that all backup keys are encrypted and stored securely; if not, encrypt them using strong algorithms. Enable two-factor authentication for all users accessing Signal to add an extra layer of protection. If your organization uses third-party integrations with Signal, review the security settings for those apps as well. In the next week, conduct a comprehensive audit of messaging app usage across your organization. Identify any accounts that have shared backup keys or have been exposed to phishing attempts. vendor-shortlist provides vendors with proven security solutions for Signal backups. Schedule a professional cybersecurity assessment within the next 30 days to identify hidden vulnerabilities and recommend remediation plans. Implement an incident response plan that includes rapid notification, containment, and forensic investigation. Consider deploying automated monitoring tools that alert you when suspicious requests for backup keys are detected. Ensure all employees are trained on recognizing phishing attempts and safe handling of backup keys. Maintain a log of all backup key usage and access attempts for future forensic analysis. Schedule periodic reviews of your messaging app configuration to detect any changes that could expose new vulnerabilities. Integrate third-party security solutions that provide encryption and secure storage of backup keys. Apply best practices from CISA’s guidance to update your messaging app settings regularly. Engage with professional cybersecurity vendors to ensure you have the most effective protection against this threat.
The Bigger Picture
Key Takeaways
- Disable backup key sharing immediately to prevent attackers from obtaining keys.
- Encrypt and securely store backup keys, ensuring they are not accessible to unauthorized users.
- Enable two-factor authentication for all Signal users to add an extra layer of protection.
- vendor-shortlist can help you find vendors offering robust backup key management solutions.
- Schedule a professional cybersecurity assessment within 30 days to identify hidden vulnerabilities and implement remediation plans.
- Maintain an audit log of all backup key usage and access attempts for future forensic analysis.
- Ensure your messaging app is configured to comply with CISA’s recommended security guidelines.
- Apply best practices from CISA’s guidance to update your messaging app settings regularly.
- Engage with professional cybersecurity vendors to ensure you have the most effective protection against this threat.
- Use automated monitoring tools that detect suspicious requests for backup keys and trigger alerts.
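The monitoring takeaway above, sketched as an added example (not code from the PSA, CISA, or Defend My Business): a heuristic filter for mail, chat, or ticket text that flags requests for a Signal backup recovery key and, on outbound text, a key-shaped secret. The word lists, weights, sample messages, and the 64-character key shape are assumptions made for illustration.

```python
import re

# Constructed heuristics; tune the word lists against your own mail and chat exports.
KEY_TERM = re.compile(r"\b(?:backup|recovery)(?:\s+recovery)?\s+keys?\b", re.I)
ASK = re.compile(r"\b(?:send|share|provide|enter|paste|submit|confirm|verify|reply with)\b", re.I)
NEGATED = re.compile(r"\b(?:never|do not|don't|won't|will not)\b", re.I)
PRESSURE = re.compile(r"\b(?:immediately|urgent(?:ly)?|suspended|locked|within \d+ (?:hours?|minutes?))\b", re.I)
SENDER_CLAIM = re.compile(r"\bsignal\s+(?:support|security|team|help\s*desk)\b", re.I)
# ASSUMPTION: the key is a 64-character alphanumeric secret shown in groups of four.
KEY_SHAPED = re.compile(r"\b(?:[A-Za-z0-9]{4}[\s-]?){16}")

WEIGHTS = {"key_request": 3, "pressure": 1, "claims_signal_staff": 1, "key_shaped_secret": 5}
ALERT_AT = 3


def assess(text, outbound=False):
    """Score one message body; returns (score, sorted list of matched reasons)."""
    reasons = set()
    for sentence in re.split(r"[.!?\n]+", text):
        # A request needs the key term and an ask verb in the same sentence,
        # and awareness reminders ("never share ...") must not fire.
        if KEY_TERM.search(sentence) and ASK.search(sentence) and not NEGATED.search(sentence):
            reasons.add("key_request")
    if "key_request" in reasons:
        # Context cues only add weight when a request is already present.
        if PRESSURE.search(text):
            reasons.add("pressure")
        if SENDER_CLAIM.search(text):
            reasons.add("claims_signal_staff")
    if outbound and KEY_SHAPED.search(text):
        # DLP-style check on text leaving the user (mail, tickets, chat).
        reasons.add("key_shaped_secret")
    return sum(WEIGHTS[r] for r in reasons), sorted(reasons)


def should_alert(text, outbound=False):
    """True when the message score reaches the alert threshold."""
    return assess(text, outbound)[0] >= ALERT_AT


# Constructed sample messages, not taken from the PSA.
LURE = ("Signal Support: unusual activity was detected on your account. "
        "To keep it from being locked, reply with your Backup Recovery Key within 24 hours.")
REMINDER = "Security reminder: never share your Signal backup recovery key with anyone."
LEAK = "Here it is: " + " ".join(["Ab12"] * 16)  # placeholder, not a real key

if __name__ == "__main__":
    for name, body, out in [("lure", LURE, False), ("reminder", REMINDER, False), ("leak", LEAK, True)]:
        print(name, should_alert(body, out), assess(body, out))
```

The key-shaped pattern also matches other 64-character secrets such as hex digests, so treat an outbound hit as a prompt for review, not as proof of a leaked key.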
Frequently Asked Questions
Q: What does this threat specifically target?
A: This threat targets commercial messaging applications, particularly Signal. Attackers exploit a phishing scheme that prompts users to provide their Backup Recovery Key. Once the key is obtained, attackers can restore the account’s backup, read all messages, and hijack the account permanently. The vulnerability lies in the ability of an attacker to use the backup key for unauthorized access.
Q: How much cost can a breach entail for small businesses?
A: Small businesses may face significant financial impact due to regulatory fines and operational disruptions.
Q: What preventive steps can be taken by non-tech teams?
A: Non-tech teams can immediately disable backup key sharing in Signal settings, enable two-factor authentication, encrypt backup keys, and use free security scans to assess vulnerabilities. Training employees on phishing detection and safe handling of backup keys is essential. Automated monitoring tools that alert on suspicious requests for backup keys can help detect early attempts.
Q: Which industries are most at risk?
A: Industries heavily relying on messaging apps for secure communication (such as healthcare, finance, and small businesses) are particularly vulnerable to this threat. Companies that use Signal or similar platforms for internal communications must prioritize securing their backup keys.
How Defend My Business Can Help
Defend My Business offers a network of over 400 technology providers vetted for cybersecurity needs. We match businesses to pre‑vetted vendors that provide robust backup key management solutions, secure encryption services, and automated monitoring tools. By leveraging our expertise, you can quickly implement the recommended mitigations outlined in this advisory. free-security-scan helps assess your current security posture, while our contact page https://defendmybusiness.com/contact-us/ enables direct consultation with experts.
Sources
Tags: cybersecurity, business risk, defendmybusiness
Recommended Endpoint Security Vendors
Defend My Business partners with a curated network of 400+ vetted providers. Here are 4 currently active in our channel ecosystem for endpoint security:
| Vendor | Specialty |
|---|---|
| Lunavi | As a leading managed service provider and consulting firm, Lunavi helps customers advance their digital transformation goals by building mod |
| CBTS | In the channel, CBTS has become the go-to provider for complex and unique requests, multi-location projects, mission-critical networking and |
| Powernet | Powernet is a Woman-Owned business with more than 30 years of experience and expert sales, engineering, and support teams, which provide our |
| Unisys | Unisys is a global technology solutions company that powers breakthroughs for the world’s leading organizations. Our solutions & digital wor |