Understanding the Smarsh TeleMessage Hack: the Risks of Unsecured Messaging Apps and the Proofpoint Difference

The use of unsecured messaging applications for communicating highly sensitive information became a global talking point in March of this year. Jeffrey Goldberg, editor-in-chief of The Atlantic, reported that he was inadvertently included in a Signal group used by then United States national security advisor Mike Waltz. Waltz has since left his position, and the crisis has escalated further.

In May, 404 Media reported that the Signal clone used by Waltz and other high-ranking national security officials—which was provided by Smarsh through their TeleMessage technology—was hacked twice. The hack exposed administrator credentials, unencrypted message content and data associated with U.S. government agencies and financial institutions. These included U.S. Customs and Border Protection (CBP) and Coinbase.

Furthermore, in May, a U.S. Senator requested an investigation by the Department of Justice into whether Smarsh/TeleMessage violated the False Claims Act by selling potentially insecure products to the U.S. government.

Fundamental failures: lessons from the Smarsh TeleMessage hack

To execute their attack, the hacker broke into the systems of TeleMessage, a company owned by Smarsh. TeleMessage builds modified versions of encrypted messaging apps such as Signal, Telegram and WhatsApp for regulatory archiving purposes. Smarsh completed its acquisition of TeleMessage in February 2024.

The most concerning thing about this incident? While it might sound like a sophisticated, nation-state-led attack, the Smarsh TeleMessage hack was actually carried out by an individual and reportedly took under 30 minutes.

The TeleMessage attack exposed serious vulnerabilities in how data from an encrypted messaging application was managed and stored. It also showed what can happen when vendors rush to deliver software solutions that aren’t based on secure engineering and resilient design. This is where Proofpoint is different.

Secure and compliant data capture with Proofpoint

Proofpoint Capture—which is part of the Proofpoint Digital Communications Governance (DCG) portfolio of products—encrypts your data from the point of capture to its storage in Proofpoint Archive or other third-party repositories. Unlike Smarsh, with its TeleMessage technology, we don’t make our capture codebase accessible for public distribution. In addition, we don’t rely on application clones that might invalidate vendor security guarantees and introduce new vulnerabilities. For mobile capture in particular, we provide a serverless, least‑privilege architecture, immutable audit trails, tamperproof evidence and much more.

Your next steps

If you’re concerned about the Smarsh TeleMessage incident and what it means for your organization, let Proofpoint help.

  • View our recorded webinar. Our experts break down how the attack occurred, what it means for regulated industries and how Proofpoint’s digital communications governance solutions are designed to protect against such risks.
  • Contact your Proofpoint DCG Sales Specialist to discuss your options. We are offering free use of Proofpoint Capture to TeleMessage customers for 90 days, and the migration can be completed in as little as two weeks. Customers can assess their long-term options from there.
  • Learn more about Proofpoint’s enhanced capture, archiving and supervision innovations for digital communications governance.