Signal Chief Acknowledges Errors in Crisis Management After Phishing Attack

Meredith Whittaker, the head of the Signal messaging service, has acknowledged handling errors concerning the recent phishing attack targeting users of the application. Speaking to Der Spiegel, she stated that “looking back, there are a number of things we could have done differently”.

Despite admitting these lapses in handling, Whittaker strongly defended the fundamental security of the service, emphasizing that Signal itself had not been breached and that its encryption remains “robust”. The news came after Der Spiegel revealed that high-profile Signal users, including Bundestag President Julia Klöckner (CDU) and cabinet members Verena Hubertz (SPD) and Karin Prien (CDU), were specifically targeted through a phishing campaign, which is attributed to Russia.

As a response to the security breach, Whittaker announced several improvements to the app. Moving forward, users will see additional warning notices when receiving messages from unknown senders, and adding new contacts will require more than a single click. Further changes are reportedly in development.

Whittaker also addressed the criticism surrounding Signal’s crisis communication. Some critics felt that the initial public statement in March attempted to shift blame solely onto the affected users. Whittaker clarified that this was “absolutely not our intention”, reiterating that the attack was clearly directed at user behavior, though she acknowledged that this was not the fault of any individual. She expressed disappointment, though not surprise, at the ridicule faced by the politicians involved on social media, noting a general “certain arrogance” within parts of the tech sphere that she finds “unpleasant”.

The founder of the non-profit organization running Signal also raised concerns about the need for better funding. Whittaker stressed that Signal relies on donations and is used by journalists, business leaders, and politicians worldwide for confidential communication. She criticized defense-related start-ups, such as Helsing, receiving billions for their promises, contrasting this with Signal’s operation. She stated that Signal manages a “functioning critical infrastructure” and is not receiving corresponding support, a disparity she views as extreme.

Furthermore, she indirectly appealed for greater national responsibility. She suggested that nations or institutions that utilize Signal so intensely, such as NATO representatives or the German federal government, should contemplate ways they can contribute to its upkeep. When confronted with the idea of banning Signal at the federal level, a proposition made by Vice President of the Bundestag Andrea Lindholz, Whittaker stated she did not understand the rationale for such a ban. She argued that all platforms of this scale are vulnerable, noting that abandoning Signal would only lead to users migrating to other services, many of which are “per se considerably less secure” than Signal itself.