Journalists and researchers can access a massive 410 GB database of leaked messages and other data from TeleMessage, a hacked Signal-clone messenger used by former US National Security Advisor Mike Waltz. The leak may also expose other officials because the app used Signal servers and saved message copies in plain text.
DDoSerets (Distributed Denial of Secrets) is a reputable nonprofit whistleblower site, used by news outlets to investigate many high-profile leaks.
The site published “thousands of heap dumps taken May 4th, 2025, from TeleMessage, which produces software used to archive encrypted messaging apps such as Signal and WhatsApp.” The Signal clone is named TM SGNL.
The 410GB size archive includes plaintext messages, metadata, including sender and recipient information, timestamps, and group names.
“To facilitate research, Distributed Denial of Secrets has extracted the text from the original heap dumps,” DDoSecrets said.
The public library of leaks only offers access to data to journalists and researchers due to personally identifiable information in the dataset, “and the inclusion of groups and messages unrelated to government or corporate behavior.”
The knock-off Signal app was hacked on May 4th, 2025. It took less than 20 minutes for hackers to breach the app used by top-level Trump administration officials. According to a 404 Media report, the hacker exploited a vulnerability in TeleMessage, gained access to the backend infrastructure, and was able to intercept users’ messages.
Waltz was photographed using TM SGNL days before the breach. According to Micah Lee, the journalist who reported the breach, Waltz had texts with Tulsi Gabbard, JD Vance, and Marco Rubio.
“It seems that the SignalGate saga of staggering incompetence is not yet complete. I'm digging into this data right now. It’s bonkers,” Lee said.
The TM SGNL app is a fork of the open-source Signal client that uses the same protocol, which allows to communicate with standard Signal users. However, contrary to Signal, which is end-to-end encrypted, TM SGNL saved plaintext copies of every message to its archive server.
“The service came to public notice in 2025 when it was reported that former national security adviser Mike Waltz used TeleMessage while communicating with members of the Trump administration, including Vice President JD Vance and Director of National Intelligence Tulsi Gabbard. TeleMessage has been used by the federal government since at least February 2023,” DDoSecrets noted.
Waltz was removed from the National Security Adviser post after he accidentally added a journalist, Jeffrey Goldberg, to a secret Signal group chat where top officials were discussing upcoming US strikes on Houthi targets in Yemen on March 15th.
The flaw flagged by CISA
The cybersecurity authority CISA has added the TeleMessage flaw, tracked as CVE-2025-47729, to the Known Exploited Vulnerabilities (KEV) catalog.
“The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage “End-to-End encryption from the mobile phone through to the corporate archive”" documentation, as exploited in the wild in May 2025,” the vulnerability description reads.
The TM SGNL app is developed by TeleMessage, which is owned by Smarsh, a software company based in Portland. The company specializes in comprehensive archiving and has compliance, supervision, and e-discovery tools for highly regulated industries, such as police, lawyers, the public sector, and financial services.
The app wasn’t listed in the app stores and was likely distributed via enterprise and mobile device management channels, according to Lee.
Your email address will not be published. Required fields are markedmarked