Pentagon warned staffers against using Signal before White House chat leak

The Pentagon recently warned its employees against using Signal, the encrypted messaging app, due to a technical vulnerability, an NPR report reveals.

The report comes one day after the Atlantic published a story detailing how top national security officials, including the US vice-president and US defense secretary, had accidentally added a journalist to a Signal group chat, which revealed plans for military strikes in Yemen.

The Atlantic’s revelations sparked widespread outrage at the security lapse and sent ripples of shock at the breach through diplomatic circles across the world. However, Trump administration officials have tried to play down the sensitivity of the information exposed to the journalist.

But according to a Pentagon “OPSEC special bulletin” seen by NPR reporters and sent on 18 March, Russian hacking groups may exploit the vulnerability in Signal to spy on encrypted organizations, potentially targeting “persons of interest”.

Signal uses end-to-end encryption for its messaging and calls. It is also an “open source” application, meaning the app’s code is open to independent review for any vulnerabilities. The app is typically used as a secure method to communicate.

The Pentagon-wide memo said “third party messaging apps” like Signal are permitted to be used to share unclassified information, but they are not allowed to be used to send “non-public” unclassified information.

In a statement to NPR, a spokesperson for Signal said they were “not aware of any vulnerabilities or supposed ones that we haven’t addressed publicly”.

The Atlantic’s story, in which editor-in-chief Jeffrey Goldberg describes the Signal back and forth between senior Trump administration officials, led to widespread ridicule online, pointing to top officials’ lack of candor when discussing military strikes, and the original mistake in adding the journalist to the sensitive chat. The chat included top-level officials within the Trump administration, including vice-president JD Vance, defense secretary Pete Hegseth, CIA director John Ratcliffe and others.

Goldberg did not release the entirety of the messages in the article. During an appearance on a liberal podcast on Tuesday, Goldberg said he refuses to release the full thread, despite the Trump administration saying no classified information was shared. Trump dismissed the security leak as a “glitch”.

Democratic politicians have robustly criticized the intelligence officials for their behavior. On Tuesday, during a Senate intelligence committee hearing, Democratic senators pressed the director of national intelligence, Tulsi Gabbard, CIA head Ratcliffe, and FBI director Kash Patel, on the Signal chat leak.

Goldberg received information regarding a forthcoming series of airstrikes on Houthi-controlled areas on 15 March, hours before the strikes took place. The Iran-backed Houthis said at least 31 people were killed as a result of the strikes.

The US has been striking Houthi areas since November 2023, when, in retaliation for the US-backed Israeli attacks on Gaza, the Houthis began to target commercial and military vessels in the Red Sea.