Messaging app seen in use by Mike Waltz suspends service after hackers claim breach

TeleMessage, the app that President Donald Trump’s former national security adviser, Mike Waltz, appeared to use to archive his group chats, has suspended all services after hackers claimed to have stolen files from it.
A spokesperson for Smarsh, the company that owns TeleMessage, said Monday that the company “is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation.”
“Out of an abundance of caution, all TeleMessage services have been temporarily suspended,” the spokesperson said.
The app, which uses encryption technology similar to that of the popular messaging service Signal but also offers government agencies and companies a way to back up copies of chats for compliance purposes, first came under public scrutiny after Waltz appeared to be using it during a Cabinet meeting last week.
His use of the app reignited concerns about the security of his communication methods that were sparked by the “Signalgate” controversy, in which he accidentally invited a journalist into a Signal chat of top administration officials as it planned military strikes on Houthis in Yemen.
Signal automatically encrypts messages as they travel between users. But the details around TeleMessage’s encryption and security protocols aren’t fully clear.
Signal is highly regarded by cybersecurity experts, but the federal government has specific systems and protocols for transmitting sensitive information and messages. Officials are expected to use highly monitored intranet systems that are almost entirely closed off from the rest of the digital world for sensitive military planning to reduce the chance outside parties can snoop on them.
The use of encrypted messaging apps in the U.S. government has grown significantly in recent years, but it poses a problem for officials subject to laws that require them to save their correspondence — creating a tension between the need for secrecy and archiving. TeleMessage had boasted in a blog post on its website that it was conceived for just such a reason, though it has since taken that post down.
But archives of sensitive information inherently make targets for hackers.
On Sunday evening, a hacker credibly claimed to NBC News to have broken into a centralized TeleMessage server and downloaded a large cache of files. As evidence, the hacker provided a screenshot of TeleMessage’s contact list of employees at the cryptocurrency broker Coinbase, which uses TeleMessage.
A Coinbase spokesperson confirmed to NBC News that the screengrab was authentic, but stressed that Coinbase had not been hacked and that none of its customers’ data had been affected.
“At this time, there is no evidence any sensitive Coinbase customer information was accessed or that any customer accounts are at risk, since Coinbase does not use this tool to share passwords, seed phrases, or other data needed to access accounts,” the Coinbase spokesperson said.
The hacker told NBC News they have not fully sifted through the hacked files yet, and it is unclear if they include sensitive conversations from the U.S. government.
Several government agencies, including the Department of Homeland Security, the Department of Health and Human Services, the Treasury Department and the U.S. International Development Finance Corp., appear to have active contracts with TeleMessage or other companies to use TeleMessage’s services, according to government records reviewed by NBC News.
Separately, a different hacker told the tech news publication 404 Media that they had also hacked TeleMessage and provided significant evidence. NBC News has not interacted with that hacker.
It was not immediately clear if additional hackers have accessed TeleMessage files.
This story first appeared on NBCNews.com.