Messages detailing the air strikes on Houthi rebels were shared with The Atlantic journalist Jeffrey Goldberg
Members of the government working in the Pentagon were warned about using the messaging app Signal this month, but when it came to war plans that were supposed to be highly secretive, it was too little too late.
On March 24, The Atlantic journalist Jeffrey Goldberg made a surprising revelation: he’d inadvertently been added to a Signal group chat consisting of members from Donald Trump’s administration. The chat was buzzing with plans to launch air strikes against the Houthi rebels in Yemen.
Just hours after Goldberg received the messages, the attack was carried out, confirming to the journalist that this was no hoax. The timing and content of the messages left him with no doubt that he had stumbled upon a real, high-stakes discussion.
It has now come to light that government officials were alerted about potential vulnerabilities in Signal before The Atlantic article was published. A department-wide advisory raised concerns about the app’s security, warning of a “vulnerability” that could be exploited.
Signal, like WhatsApp, is an open-source, encrypted messaging platform that supports instant messaging, voice calls, and video calls. In his article, Goldberg explained that Signal has become a go-to tool for journalists and others who prioritize privacy beyond what traditional messaging services offer—possibly explaining why government officials felt they could use it for discussing sensitive matters. While one might argue that a face-to-face conversation would have been more secure, that’s a discussion for another time.
The warning, which NPR obtained, detailed that the Pentagon had flagged a security vulnerability in Signal. The email stated, “A vulnerability has been identified in the Signal Messenger Application. Russian professional hacking groups are employing the ‘linked devices’ feature to spy on encrypted conversations.”
It also highlighted that Google had uncovered Russian hacking groups targeting Signal to monitor individuals of interest. The email continued, “Please note: third-party messaging apps (e.g., Signal) are permitted by policy for unclassified accountability/recall exercises but are NOT approved to process or store nonpublic unclassified information.”
Unfortunately, this advisory email was dated March 18, just three days after the Yemen attack and five days after Goldberg was unknowingly added to the group chat.
This wasn’t the only alert staff had received concerning Signal, however.
According to NPR, a memo from 2023 cautioned against using Signal for any nonpublic official information, emphasizing security concerns regarding the app.
The Trump administration has attempted to downplay the gravity of the leak, with Trump asserting that the messages contained “no classified information.” He added, “We’ve pretty much looked into it. It’s pretty simple, to be honest… It’s just something that can happen. It can happen.”
However, in his article, Goldberg stated that the leaked messages included information that “could conceivably have been used to harm American military and intelligence personnel,” although he refrained from detailing those specifics.
In response to the Pentagon’s warning, a spokesperson for Signal clarified to NPR that the email was not related to any security vulnerabilities within the app but was an advisory about “phishing attacks.” These attacks involve hackers attempting to access sensitive information through impersonation or other deceptive methods.
“Once we learned that Signal users were being targeted and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks. This work was completed months ago,” said Jun Harada of Signal.
