FBI Warns: Russian Hackers Target Signal Backup Keys

Emily Davis · 2026-06-26

You probably think your Signal messages are safe. And in most cases, they are. But the FBI and CISA just dropped a warning that changes the game. A phishing campaign linked to Russian intelligence services has evolved. Now it's not just about stealing your login info. These attackers are going after your Signal Backup Recovery Keys. And if they get those, they can read years of your private conversations. ### What's Really Going On? Let's break this down. Signal is one of the most secure messaging apps out there. It uses end-to-end encryption by default. That means even Signal itself can't read your messages. But here's the catch: your Backup Recovery Key is like a master key to your entire chat history. If someone steals that key, they can restore your backup on their own device. Suddenly, all those conversations you thought were private are now an open book. The FBI and CISA say this campaign is targeting Signal users specifically. The attackers are using phishing emails and fake login pages that look just like the real thing. They trick you into entering your phone number and then your recovery key. Once they have both, they can clone your account. It's a sophisticated attack, and it's happening right now. ### How the Phishing Works These aren't your average scam emails. The attackers have done their homework. They craft messages that look like they're from Signal support or a trusted contact. The fake pages are nearly identical to the real Signal login screen. You might not notice anything wrong until it's too late. - The email asks you to "verify your account" or "secure your backup." - It directs you to a fake page that looks exactly like Signal's login. - You enter your phone number and your Backup Recovery Key. - The attackers now have everything they need to steal your history. This is why you should never enter your recovery key anywhere except the official Signal app. If you get an email asking for it, that's a red flag. Signal will never ask for your recovery key through email or a web page. ### Why This Matters for Privacy Professionals If you're working with antidetect browsers or managing multiple online identities, this is a big deal. Signal is often the go-to for secure communication. But if your backup key is compromised, your entire operation could be exposed. Think about it: client conversations, strategy discussions, sensitive data. All of it could be in the hands of a state-sponsored hacking group. The good news is that you can protect yourself. First, enable Signal's registration lock feature. That adds an extra layer of security. Second, never click on links in unsolicited messages. Always go directly to the official app or website. Third, use a strong, unique PIN for your Signal account. And if you think you've been targeted, change your recovery key immediately. ### A Simple Way to Stay Safe Here's a quick checklist to keep your Signal account secure: - Turn on registration lock in Signal's privacy settings. - Never share your Backup Recovery Key with anyone. - Ignore any emails or texts asking for your login info. - Use a password manager to store your recovery key safely. - If you get a suspicious message, report it to Signal directly. Remember, your recovery key is the one thing that can undo all of Signal's encryption. Treat it like the password to your bank account. Because in many ways, it's even more valuable. ### The Bigger Picture This attack is part of a larger trend. State-sponsored hackers are getting smarter. They're not just going after big targets anymore. They're going after the tools we use every day. Signal, WhatsApp, Telegram. If it's popular and secure, they want to find a way in. And phishing is still their number one weapon. The FBI and CISA are right to sound the alarm. But awareness is only half the battle. You have to take action. Update your settings. Check your security habits. And always question anything that feels off. Your privacy depends on it. So take a few minutes today to review your Signal settings. It's a small effort that could save you from a huge headache down the road.