
TeleMessage, an encrypted messaging app used by former Trump administration officials like Mike Waltz, was easily hacked due to critical security flaws, including weak password hashing and a misconfigured Spring Boot Actuator endpoint that exposed sensitive data like usernames, passwords, and unencrypted chat logs. A hacker accessed this data in approximately 20 minutes, compromising a U.S. Customs and Border Protection user and exposing Coinbase internal chats, raising concerns about data security practices within government and corporate use of the platform. The incident highlights the risks of using outdated or misconfigured software, particularly in sensitive communications.
TeleMessage, a messaging platform recently acquired by Smarsh and notably used by former U.S. national security adviser Mike Waltz, experienced a significant security breach stemming from fundamental flaws in its architecture and security practices. The hack, executed in approximately 15 to 20 minutes, exploited vulnerabilities including client-side MD5 password hashing for its admin panel (secure.telemessage.com) and, crucially, a publicly exposed Java heap dump endpoint on its archive server (archive.telemessage.com). This misconfiguration, likely due to an outdated Spring Boot version or manual override of default security settings, allowed unauthorized access to sensitive data including usernames, passwords, unencrypted chat logs, and encryption keys.
The breach impacted users such as U.S. Customs and Border Protection and exposed internal chats from Coinbase, although Coinbase stated no sensitive customer account data was compromised. This incident starkly contrasts with TeleMessage's marketing claims of end-to-end encryption, as messages were reportedly uploaded unencrypted to the archive server.
The identified vulnerabilities, such as the exposed heap dump endpoint, are well-documented risks, indicating a severe lapse in TeleMessage's security posture prior to and potentially post-acquisition by Smarsh. The overall sentiment surrounding this event is negative, reflecting the critical nature of these security failures.