Signal defends itself after US military officials leak classified plans by mistake on group chat

[Daniel Sims]

Facepalm: Signal likes to present itself as the most private and secure messaging service around, but the nonprofit likely didn't design the app for sharing classified plans regarding imminent military action. Yet earlier this month, senior US government and military officials did just that. Signal's president later defended the service amid renewed comparisons to WhatsApp.

Signal president Meredith Whittaker reiterated the messaging service's commitment to secure encryption and privacy after top government officials reportedly discussed a classified military operation using the platform. The conversation, which included highly sensitive information, was leaked when the US national security advisor accidentally invited The Atlantic's editor-in-chief into the chat.

Jeff Goldberg, editor of The Atlantic, said he didn't believe he'd been invited to an online meeting about upcoming attacks on the Houthis in Yemen – until the strikes occurred just hours after being mentioned in the chatroom.

I wouldn't say that Will and I are battling but I do disagree. Because there are big differences between Signal and WhatsApp.

Signal is the gold standard in private comms. We're open source, nonprofit, and we develop and apply e2ee and privacy preserving tech across our system… https://t.co/ZU60z2vVHy

– Meredith Whittaker (@mer__edith) March 25, 2025

During the exchange, Pentagon chief Pete Hegseth, Vice President J.D. Vance, and other senior officials reportedly discussed specific targets, weaponry, and other sensitive details. Goldberg declined to publish those specifics, citing concerns about endangering military and intelligence personnel. A national security spokesperson later confirmed the authenticity of the message chain.

Beyond the sensitive information shared, the messages also revealed candid insights into the officials' private opinions and communication styles. Vice President Vance reportedly expressed disagreement with President Trump over the strikes, arguing that they benefited Europe more than the U.S

After the operation, several officials celebrated with emojis, including a fist, a flexed bicep, an American flag, and a flame.

While US officials often use Signal for routine communication, the app is not authorized for transmitting classified information. Such discussions are typically conducted on secure devices within protected facilities. Legal experts suggested that sharing classified details over Signal – particularly with the service configured to erase messages – may have violated the Espionage Act.

President Trump later defended the use of Signal, saying it was the best tool available at the time, as accessing secure facilities can be cumbersome.

In response to comparisons with WhatsApp, Whittaker emphasized Signal's end-to-end encryption and privacy-first approach. The company also minimizes the amount of data it can disclose under subpoena.

By contrast, she pointed out that while WhatsApp uses Signal's encryption technology under license, it does not protect metadata, contact lists, user IDs, or profile photos. Despite Signal's encryption safeguards, devices using the app remain vulnerable to hacking and theft. The incident with Goldberg also highlights the persistent danger of human error.

Permalink to story:

Signal defends itself after US military officials leak classified plans by mistake on group chat

 

[maxxcool7421]

Good job republikkkans

 

[GodisanAtheist]

How long till we have people blaming everyone but the dumbasses running the country in these comments?

Place your bets...

 

[NumberNine]

Looks like the US gov has gone from using secure, specially hardened devices and applications to just... whatever they can find.

"Our intrepid leaders had everything they wanted. Power. Wealth. Prestige. And it made them lazy, America. Oh yes. And laziness breeds stupidity."

- President John Henry Eden

 

[DonquixoteIII]

Here is ONE incident that Trump did not create. But his comment that using the protected comms was 'too cumbersome' spells out the top-down stupidity that plagues this administration. It is like Musk has infected the administration with his 'go fast and break things' mantra. If security iis 'too combersome' then break it. Security be damned. So we lose a few loser soldiers, we'll just get more.

Poor Merkans.... You got the best gubment that money can buy.... How you liking them apples?

 

[Squid Surprise]

The story seems to be glossing over the real lapse of security… it wasn’t Signal - it’s quite secure! The security flaw was some dolt inviting the wrong person into the chat room!

You can be using the most secure device in the world but…. If you give it to the wrong person, you’re still compromised!

I’m wondering if the invitation was really sent by accident though…

 

[DonquixoteIII]

The story seems to be glossing over the real lapse of security… it wasn’t Signal - it’s quite secure! The security flaw was some dolt inviting the wrong person into the chat room!

You can be using the most secure device in the world but…. If you give it to the wrong person, you’re still compromised!

I’m wondering if the invitation was really sent by accident though…

You have obviously never been in any security related field. Signal is NOT secure to the point that it can be used for OPSEC level. First, it runs on phones.... Second, any end to end security can be broken by a MIM attack. Thereare other reasons, but even Signal admitted it was not OPSEC level of security..

 

[Squid Surprise]

You have obviously never been in any security related field. Signal is NOT secure to the point that it can be used for OPSEC level. First, it runs on phones.... Second, any end to end security can be broken by a MIM attack. Thereare other reasons, but even Signal admitted it was not OPSEC level of security..

lol, not the point… the weakness here was in inviting someone into the chat room.. not Signal!

 

[DonquixoteIII]

lol, not the point… the weakness here was in inviting someone into the chat room.. not Signal!

No, friend... The weakness here was NOT using an OPSEC qualified channel, as that is a Ft, Leavenworth FP level security violation. The outside person in the convo would have been a far lower level of security violation in an OPSEC environment. This is the equivalent of handing over today's launch codes to, say, North Korea, China and Russia. Only a 'true Trumper' could try to downplay the seriousness of this event. The Rosenbergs were hanged for less.

 

[Squid Surprise]

No, friend... The weakness here was NOT using an OPSEC qualified channel, as that is a Ft, Leavenworth FP level security violation. The outside person in the convo would have been a far lower level of security violation in an OPSEC environment. This is the equivalent of handing over today's launch codes to, say, North Korea, China and Russia. Only a 'true Trumper' could try to downplay the seriousness of this event. The Rosenbergs were hanged for less.

Yes, that is clearly ALSO bad… but had they not invited the wrong person in, no one would have known… cause Signal was “secure enough”… yes, it was wrong to use it… but it was not the major flaw here!

And I’m no republican - the fool who invited the wrong guy in was a republican!

 

[brucek]

I thought it was silly anyone would blame Signal for this, then on reading the article I failed to find any instances of anyone actually doing so.

If Signal's president felt the need to make sure as many people as possible understood that this was not a case of Signal leaking a conversation to an uninvited party, I guess that's just what you have to do when your company is dragged into the news as a minor part of a story that's really about something else.

 

[pnntmp]

The most secure messaging app - until someone invites a journalist

This subtitle implies Signal is no longer the most secure messaging app, but there is no reason whatsoever to claim that. That's a typical case of recklessness and ignoring the rules, to which Signal is entirely irrelevant.
If accessing secure facilities can be cumbersome, make the necessary changes instead of using whatever tool happens to be around.

 

[JamesBlond]

Signal is better

 

[bviktor]

any end to end security can be broken by a MIM attack.

You’re wrong, and it’s MITM fyi, mister security expert

(An infosec officer)

 

[whateversa]

"After the operation, several officials celebrated with emojis, including a fist, a flexed bicep, an American flag, and a flame."

That is my favorite part of this whole thing.

 

[gamerk2]

Yes, that is clearly ALSO bad… but had they not invited the wrong person in, no one would have known… cause Signal was “secure enough”… yes, it was wrong to use it… but it was not the major flaw here!

Signal is *not* "secure enough". Just because a communication device supported some form of encrypted communication does *not* certify it's use for the transmission of classified communications. Knowingly using such a device would be a criminal act.

Your argument is basically "its fine if no one knows about it".

 

[kiwigraeme]

Warnings went out in USA govt intelligence circles on 18th of March that Signal was no longer considered safe and good chance already compromised

Signals sole purpose is to organise secure meetings on approved channels , not to have the meeting

Trumps lot used signal in violation of rules 1st term . Seems they were regularly using it often this term

What 18 phones - who the F knows what they are or what pron/apps republicans download on them, given the high rate of convictions amongst GOP
Probably at least one of those phones compromised
Definitely the one right in Moscow at time of meeting , no burner phone, The moment that delegation stepped of the phone they would be targeted , the hotel he was at
. To think otherwise is to be bereft of any common sense

A person called VP was in the chat - some say this was Vladimir Putain , others cushion boy

Trump 1st term team mucked up opsec in Africa getting 4 USA soldiers killed , he gave russia intel on Israelis much to their displeasure

Seems employing TV hosts , people will no qualifications is par for course. Trump burn rate first term was unprecedented .

Russia 90% got that info - apparently name of head CIA operative, sequencing of attack , exact target, including names , exact weapons is NOT classified info.

Russian comms were hacked in Ukraine war early on.
18 dodgy phones , one person in Moscow to shill for Putain to discuss the carve up of Ukraine/Greenland etc who was targeted by probably a dozen different ways

Your USA Head - we have clean opsec , probably just liked saying it , fire in the hole. fist pump, Old glory, aubergine*3 emojis

What a complete incompetent ****show , has this new admin managed to do anything competently,

but her emails, her laugh , the price of eggs
Thankfully we are watching the fall of The USA as no longer an ally to the free world . But your country has a 10 billion surplus on 500 Billion dollars trade with us . Not fair - lets stop all that trade. for MAGA I will spell it out 500 exports from USA and 510 imports . tell me have tariffs on "friendly" countries on 2nd of april is a winner.
Your allies don't trust your head honchos, thinking rules don't matter , it's all a game
US friendly fire is legendary

 

[The Talking Tech]

The app did its job properly...on the other hand Trump and his incompetent administration couldn't possibly have embarrassed themselves any further while putting people's lives at risk.

 

[Dr Roboto]

Lot's of great comments. Let's be clear, Signal is not the issue, which is obvious to anyone with half a brain. Signal is responding to the ignorant perception that some how its is not secure. The true issue that conservative propaganda is trying to deflect and hide the blatant stupidity and clearly illegal use of the app to send/discuss classified information.

The worst part of all, we are only 2 months into 4 years of this clown show. I sure hope the USA survives.

 

[wiyosaya]

Here is ONE incident that Trump did not create.

Trump did not create this? I just cannot stop laughing when Trump nominated, and then the Senate approved, a bunch of know nothing about real government dolts for his cabinet.

But his comment that using the protected comms was 'too cumbersome' spells out the top-down stupidity that plagues this administration. It is like Musk has infected the administration with his 'go fast and break things' mantra. If security iis 'too combersome' then break it. Security be damned. So we lose a few loser soldiers, we'll just get more.

That sums up Trump, IMO.

Poor Merkans.... You got the best gubment that money can buy.... How you liking them apples?

Not everyone voted for Trump and Trump did not win by the margins he claims.

Your statement, IMO, is akin to saying everyone votes for Putin in Russia when we all know that is total BS.

 

[Squid Surprise]

Signal is *not* "secure enough". Just because a communication device supported some form of encrypted communication does *not* certify it's use for the transmission of classified communications. Knowingly using such a device would be a criminal act.

Your argument is basically "its fine if no one knows about it".

You didn’t read my argument… I’m not arguing that Signal should be used by the government!!
My point is that the security that was “broken” IN THIS SPECIFIC CASE was in no way the fault of Signal! It was the fault of stupidity!

 

[Stiqy]

You have obviously never been in any security related field. Signal is NOT secure to the point that it can be used for OPSEC level. First, it runs on phones.... Second, any end to end security can be broken by a MIM attack. Thereare other reasons, but even Signal admitted it was not OPSEC level of security..

As far as this incident and story go that is a moot point.

The story here has zero to do with Signal's security and 100% to do with some ******* inviting the wrong person into a private group.

The fact that 99% of the article and noise around it is about whether Signal is secure or not is a giant red herring.

 

[New Day]

The story seems to be glossing over the real lapse of security… it wasn’t Signal - it’s quite secure! The security flaw was some dolt inviting the wrong person into the chat room!

You can be using the most secure device in the world but…. If you give it to the wrong person, you’re still compromised!

I’m wondering if the invitation was really sent by accident though…

How did a journalist let alone that journalist get included? Someone did it intentionally.

 

[kiwigraeme]

How did a journalist let alone that journalist get included? Someone did it intentionally.

Occam's Razor - stupidity
Head honcho setting up the chat said doesn't know this Journo - No he knew him, had him on his phone to leak stories, he just was crap up phone admin - Fne for us to be a bit sloppy if we know 3 Jims and include the wrong one.

You would be surprised had many leak stories to "The Fake Media" they say they hate.
Lots of back stabbing , in-fightng , grovelling for Trumps ring to lick

 

[kiwigraeme]

They used signal to avoid The Law - keeping all govt communication

Trump did it 1st term all the time, When spoke with Putain asked everyone to leave room . Hell he was contacting Putan and Russain agents when not president and that was illegal - So many documented stuff. Even Trump didn't deny it , saying he's allowed too. Russian private jets parking right next to Trump's Jet when not president

ie a lot of illegality that is now happening is not documented and done in illegal back channels and go betweens, Exactly why this admin E.O to not have any surveillance of Russian activates in USA for political reasons . FBI is NOT allowed to investigated or set up defenses against Russian interference . Read the news was an executive order

Then again nothing new - Farage got german money , believe far right german, and french as well. Though apparently Le Pens daughter did back Ukraine somewhat