High-profile breach of secure messaging app exposes critical security & compliance issues

The recent suspension of a trusted messaging archiving service has been a stark warning to businesses relying on partners and third-party tools for their regulatory compliance.
In early May 2025, services were abruptly halted on the messaging platform following reports of a significant security breach, highlighting a critical failure at the intersection of compliance functionality and cybersecurity.
The attack is likely related to the former US National Security Adviser Mike Waltz being observed by reporters using what appeared to be the messaging app during a Cabinet meeting, intensifying concerns regarding how White House officials comply with app security.
The platform's owners took swift action after NBC News reported that hackers had shown it credible evidence of having broken into a central server and downloaded a large cache of files.
Compliance compromised
The secure messaging app had gained prominence by offering modified versions of popular encrypted messaging apps like Signal, WhatsApp, and Telegram specifically designed to archive communications for regulatory adherence (per SEC Rule 17a-4, FINRA 4511).
Its user base lists government agencies and financial firms handling sensitive data, including the US Department for Homeland Security, Bloomberg, Bristol Finance, Microsoft, and cryptocurrency broker Coinbase.
That a tool specifically built for compliance suffered such a breach underscores the risks involved in the current market landscape.
Flaws exposed
The cybersecurity breach, reportedly executed within less than 30 minutes, exploited basic security failures rather than complex vulnerabilities. The issues cited included hard-coded credentials, where authentication keys embedded directly in the source code provided an easy attack surface. The potential damage of the intrusion was exacerbated by insecure archiving, as the app was shown to store messages it had decrypted as plain text, undermining the end-to-end encryption of the original messaging system.
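A defender-side check for the first flaw described above, as an added example (not code from the affected product or from 1GLOBAL): a small scanner that flags string literals bound to credential-like names, and long high-entropy literals, in Python source. The name pattern, the entropy threshold and the sample source are assumptions constructed for illustration.

```python
import ast
import math
import re

# Names that usually hold secrets (assumed naming convention for this example).
SECRET_NAME = re.compile(r"(pass(word|wd)?|secret|token|api_?key|auth)", re.I)
BY_NAME = "literal bound to secret-like name"
BY_ENTROPY = "high-entropy literal"

def entropy(s: str) -> float:
    """Shannon entropy in bits per character; random keys score high."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def find_hardcoded_credentials(source: str, min_entropy: float = 4.0):
    """Return sorted (line, name, reason) tuples for suspicious string literals."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        pairs = []
        if isinstance(node, ast.Assign):      # NAME = "literal"
            pairs = [(t.id, node.value) for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.Call):      # f(name="literal")
            pairs = [(k.arg, k.value) for k in node.keywords if k.arg]
        for name, value in pairs:
            if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
                continue  # environment lookups and other calls are not literals
            literal = value.value
            if literal and SECRET_NAME.search(name):
                findings.add((value.lineno, name, BY_NAME))
            elif len(literal) >= 20 and entropy(literal) >= min_entropy:
                findings.add((value.lineno, name, BY_ENTROPY))
    return sorted(findings)

# Constructed sample input; none of these values come from a real system.
SAMPLE = '''
import os
ARCHIVE_USER = "archiver"
ARCHIVE_PASSWORD = "Sup3r-constructed-example"
db_password = os.environ["DB_PASSWORD"]
client = connect(host="archive.example.internal", api_key="constructed0123456789abcdefKEY")
signing_blob = "q8Zt1LmX4vRb7NcY2wKd9HsEjU6oPgTa"
'''

if __name__ == "__main__":
    for line, name, reason in find_hardcoded_credentials(SAMPLE):
        print(f"line {line}: {name}: {reason}")
```

The `db_password` line is not reported because its value is read from the environment at run time rather than embedded in the source.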
Fallout & risks
The breach reportedly exposed archived message content, contact and employee lists, and potentially backend system credentials.
Coinbase has since confirmed employee contact list exposure, but stated no customer data or account access was compromised due to the breach.
The suspension creates immediate and worldwide operational and compliance gaps for financial firms and government agencies relying on the service for mandated record-keeping.
Critical lessons in compliance and security
This incident starkly illustrates the tension between achieving regulatory compliance and maintaining robust security.
Modifying secure applications can weaken their protection, and leading experts in compliance advise that security architecture must come first rather than being treated as an optional extra for an existing platform.
“This breach should intensify scrutiny on third-party compliance vendors and the due diligence processes firms use to select them. One net positive that typically arises out of public breaches is in terms of customer empowerment and education. Every business needs to ask their partners and communication platform vendors the right questions, especially who has access to the data and how are those files encrypted.”
To find out more about how to secure your compliance platform, or advice on how to protect your communications, contact 1GLOBAL today.
About 1GLOBAL
1GLOBAL is a distinguished international provider of specialty telecommunications services catering to Global Enterprises, Financial Institutions, IoT, Mobile Operators and Tech & Travel companies. 1GLOBAL is an eSIM pioneer, a fully accredited and GSMA-certified telco, a full MVNO in ten countries, fully regulated in 42 countries, and covers 190+ countries.
It delivers comprehensive communication solutions that encompass Voice, Data & SMS - all supported by a unique global core network. Its constantly expanding portfolio of advanced products and services includes White Label eSIMs, Connectivity Solutions, Compliance and Recording, Consumer & M2M SIM Provisioning and an Entitlement Server.
