Signal Backup Recovery Key phishing mitigation
Advisory/Mitigation
Updated: 27.06.2026 01:06
· First: 27.06.2026 01:06
· 📰 1 src / 1 articles
· H score: 25
The FBI and CISA updated mitigation guidance for Signal users after a phishing operation began targeting Backup Recovery Keys, which can expose historical messages on compromised accounts. The advisory says legitimate support communicates only through official company email addresses, never asks for verification codes in the app, and does not send links to verify or restore accounts. Users who may have shared a key are told to create a new Backup Recovery Key so the old one no longer works for future backup downloads, although already stolen backups can still remain accessible.