After senior Trump administration members mistakenly included The Atlantic editor Jeffrey Goldberg in a secret group chat about bombing Houthi targets in Yemen, encrypted messaging app Signal found itself at the center of a storm this week. Some commentators criticized the app, going as far to blame it for the scandal.
But the whole affair that’s dubiously been dubbed “SignalGate” isn’t about Signal at all: Experts say officials shouldn’t invite untrusted contacts into sensitive chats and should only use authorized devices, platforms, and procedures when discussing top-secret military operations. In other words, the people who set up the chat made numerous mistakes, and they had nothing to do with how secure Signal is. In fact, Signal has seen its biggest-ever spike in US downloads as a result of the news.
In other news linked to that Houthi group chat, national security adviser Mike Waltz—an account with the name “Michael Waltz” originally invited Goldberg to the group—left his Venmo account open to public view. As WIRED reported, a “Michael Waltz” Venmo account displayed the names of the adviser’s colleagues and friends, revealing people in Waltz’s wider social network. After WIRED reached out to the White House, the Waltz account hid its friends list. There’s more though: WIRED also discovered other Venmo accounts linked to officials in the Signal chat. Information about who officials associate with could be highly lucrative for foreign spies and hackers.
Elsewhere, we reported on all the ways the White House adopting Elon Musk’s Starlink as an alternative Wi-Fi network could be bad news for network security. There are also early signs in Europe that some companies are going cold on cloud services from Google, Amazon, and Microsoft, as they reassess the risks of dealing with the volatile second Trump administration. And, as crossing the United States border becomes more perilous—for both citizens and visa holders—we updated our guide to keeping your digital privacy intact when you are entering the US.
That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
Top US Security Officials’ Passwords and Personal Phone Numbers Discovered Online
On top of SignalGate and Venmo accounts being left exposed, German news outlet Der Spiegel reported that sensitive personal information linked to several senior Trump administration security officials is easily discoverable online. Reporters from the publication found that mobile phone numbers, email addresses, and “some” passwords for top officials could be found on the internet.
Using people-search engines and information contained in public data breaches, Der Spiegel discovered personal information belonging to Waltz, director of national intelligence Tulsi Gabbard, and Pete Hegseth, the secretary of defense. “Most of these numbers and email addresses are apparently still in use, with some of them linked to profiles on social media platforms like Instagram and LinkedIn,” the news organization reported. The details were also linked to Dropbox, Microsoft Teams, Signal, and WhatsApp accounts used by the officials.
While millions of people have been caught up in online data breaches and use inadequate privacy settings on their online accounts, high-level government security officials are exposed to a broader and more severe range of online threats, particularly from nation-state hackers, than most people. Officials told the news organization that many of the accounts and personal details were no longer used or had been updated. However, messages Der Spiegel sent to WhatsApp and Signal accounts belonging to Waltz and Gabbard were delivered, the publication reported. Only after they approached the government for comment were some of the accounts restricted.
Internet Restrictions May Hide Initial Toll of Myanmar Earthquake Damage
On Friday, a huge 7.7-magnitude earthquake and aftershock hit Myanmar, with widespread damage being reported hundreds of miles away in Thailand. At the time of writing, at least 144 people have been confirmed dead with hundreds of others injured in Myanmar. As the first impacts of the devastating quake started to emerge, The New York Times reported that long-standing and widespread internet restrictions in worn-torn Myanmar were likely making it harder for news of the damage to be understood. Since the country’s military junta took power in 2021, connectivity within Myanmar has been widely disrupted or blocked. For instance in 2023, 13 out of Myanmar’s 14 states faced internet disruptions.
In the wake of the earthquake, more video footage and news could be seen immediately emerging from neighbouring Thailand, experts told the Times. “Compare the coverage of the earthquake in Thailand, where tremors and damage have been extensively reported, posted and documented, to Myanmar, where we still don’t have a clear picture of the extent of the damage and loss and may not for some time,” Joe Freeman from Amnesty International said. The lack of connectivity may also make the recovery and humanitarian efforts harder to coordinate, once again highlighting the vital need for people to have reliable and open access to the internet.
Alleged Snowflake Hacker Connor Moucka Agrees to US Extradition
Last summer’s Snowflake hacking spree, where customers of the cloud storage company had their accounts targeted, was likely one of the largest mass data exfiltrations that’s publicly known. Toward the end of 2024, Canadian authorities arrested Alexander “Connor” Moucka, 26, who allegedly used online handles such as “Waifu” and “Judische,” in connection to the hacking activity. This week, Moucka consented to be extradited to the United States to face the alleged charges. According to Cyberscoop, Moucka faces 20 federal charges, including those linked to computer fraud, wire fraud, and aggravated identity theft. Moucka is not the only person allegedly behind the Snowflake hacking, with John Binns and Cameron Wagenius being named in indictments. It is unclear when Moucka’s extradition will take place.
London Is Getting Its First Permanent Face Recognition Cameras
Police forces across the UK have massively increased their use of live face recognition cameras in recent years. Use of the controversial technology has historically been temporary: mounting cameras on top of police vehicles and deploying them for specific events and set periods of time. That’s now set to change with the first permanent face recognition cameras being rolled out in London. The city’s Metropolitan Police are in the process of installing fixed cameras in Croydon, in the south of the city.
“This will mean our use of LFR technology will be far more embedded as a ‘business as usual’ approach rather than relying on the availability of the LFR vans that are in high demand across London,” a police official wrote in a letter seen by The Times of London. Reportedly, the cameras will not be used continuously, only when officers are nearby to monitor potential alerts. However, privacy campaigners fear the move could be further rolled out across the city, leading to a network of permanent face recognition cameras unlike those seen in any other democratic countries.