Imagine for a moment: you are a journalist, and without warning, you are added to a private conversation on Signal. A conversation in which senior U.S officials discuss a secret military operation in Yemen. Are you thinking of a bad joke? Unfortunately, it is not a joke. What was supposed to remain a classified discussion between the top minds of US national security has turned into a scandal. And that’s not all, because a few days later, an investigation reveals that the personal data of these same officials is freely circulating on the internet and therefore exposed on the Dark Web.
Welcome to the fascinating—and worrying—world of cybersecurity in 2025.
When Signal becomes a speaker
Firstly, on March 25, La Presse reported an unusual situation, to say the least. Journalist Jeffrey Goldberg, editor-in-chief of The Atlantic, was mistakenly added to a discussion group on the Signal app.
However, this group did not include just anyone, as it included Vice President J.D. Vance, Pentagon chief Pete Hegseth, Director of Intelligence Tulsi Gabbard and several other key figures in the Trump administration. The topic of the conversation? An imminent strike against the Houthi rebels in Yemen.
Goldberg was astonished to discover sensitive details in this discussion, such as a plan of attack, identified targets, unflattering comments about European allies, etc. All of this was documented in an article published a few days later in The Atlantic.
The White House reacted calmly. The American president referred to a “minor glitch” and his national security advisor Mike Waltz accepted responsibility for the error. He explained that he had mixed up the numbers in his contacts. The director of intelligence and the director of the CIA assured that no classified information had been transmitted.
But the damage is done. And for cybersecurity experts, this situation highlights a much broader reality: humans remain the weak link in the digital world.
Second shockwave: personal data exposed
Secondly, the next day, a new bombshell exploded. This time, it came from Germany. The magazine Der Spiegel reveals that it has found the personal data of several of the people involved in the Signal conversation on the internet: telephone numbers, emails and even passwords.
This information was unearthed via commercial search engines and hacked databases. Some of the data was directly linked to active profiles on LinkedIn, Instagram, WhatsApp, Signal, Dropbox or location apps.
And these were not old traces: several addresses and numbers were still in use at the time of publication of the article. According to Der Spiegel, it is even “possible” that these breaches have allowed foreign services to spy on sensitive exchanges… including those related to the attack in Yemen.
In response, a spokesperson said that some passwords had been changed since 2019. But the case highlights an even bigger problem: our digital credentials are everywhere—often where we forget them.
The Dark Web, the silent winner
When data of this nature ends up online, it never stays there alone for very long. It is sucked up, collated, resold, and ends up where nobody ever looks: in the depths of the dark web.
The dark web is that hidden part of the internet where you can find everything from clandestine forums and stolen databases to identities for sale and hacking tools. It is not a myth: hundreds of millions of accounts, passwords, telephone numbers and personal details circulate there – and the recent leak by American officials has only added to this flood.
All it takes is a reused password or an email for a malicious actor to:
- Target a sensitive account with spyware
- Usurp an identity to infiltrate a system
- Mount an ultra-targeted phishing campaign
The connection between the Signal blunder and the leak of personal data is worrying: a human misstep combined with poorly managed digital traces can have explosive consequences.
And what about you?
One might think that this kind of incident only affects governments, but in reality, every organization, large or small, runs the same risks. The methods used by Der Spiegel to access the data? They are accessible to anyone.
At Mon Technicien, we often see this scenario: personal accounts used for professional purposes, passwords unchanged since 2017, or overly broad access left to former employees. In conclusion, you don’t have to be a high-value target to end up in the crosshairs of a cybercriminal, because all it takes is one human error to set everything in motion.
Here are some best practices to keep in mind:
- Activate multi-factor authentication (MFA)
- Use a password manager
- Separate your professional and personal uses
- Check regularly for known leaks (e.g., is Have I Been Pwned and Mozilla Monitor )
- Train your teams. Not once. Often.
You don’t need a James Bond to compromise everything
In short, the biggest lesson of this story is that it is not always technology that can fail, it can also be how it is used. Signal is encrypted, powerful, reliable. But no application is immune to a finger that slips on the wrong contact.
And once the personal data of those who make a country’s decisions ends up on the dark web, it’s a whole new level of risk. Sometimes all it takes is a misconfigured Signal group and recycled passwords.
Want to know if your information is already circulating in the dark web? 👉 Contact My Technician for an analysis of your digital exposure and a concrete action plan to regain control.
💬 Thought for the day
“In the digital world, it’s not walls that protect… it’s habits.”
in your taskbar.