Above all, the PIN is also the basis for a registration block, which prevents strangers from logging in to Signal with their own telephone number under certain circumstances. Signal generally advises users to activate the PIN and registration lock.
Attack on signal service providers
Currently, the messenger service points out these security features because a service provider that checks telephone numbers for signal has recently been attacked. In 1900, numbers registered at Signal were intercepted along with SMS verification codes.
The attackers could not have gained access to chats, profile information or contact lists under any circumstances, because this data is only stored locally on the device or can only be restored by PIN (profile and contacts).
At most one account taken over
However, they could have re-registered phone numbers with the corresponding SMS verification numbers on other devices and then received and sent messages via the respective account. However, a new registration had occurred at most with one of the 1900 numbers. And even this alleged account takeover could have been prevented by an active registration lock.
As a precaution, Signal has logged off all affected 1900 accounts from all devices and asked their users to re-register. Those affected are also said to have received an information SMS from Signal.
Whatsapp also protects against third-party registration
Whatsapp offers a similar PIN protection against unauthorized registration of your own account with the so-called verification in two steps. However, the PIN can be reset by e-mail if you have forgotten it.
In the case of signal, the PIN can neither be reset nor restored. If the PIN is forgotten and the registration is blocked, the account will be blocked for seven days.