A screengrab of a page from a Pentagon-wide memo warning against using the messaging app Signal.
NPR
hide caption
toggle caption
NPR
Several days after top national security officials accidentally included a reporter in a Signal chat about bombing the Houthi sites in Yemen, a Pentagon-wide advisory warned against using the messaging app, even for unclassified information.
“A vulnerability has been identified in the Signal messenger application,” begins the department-wide email, dated March 18, obtained by NPR.
The memo continues, “Russian professional hacking groups are employing the ‘linked devices’ features to spy on encrypted conversations.” It notes that Google has identified Russian hacking groups who are “targeting Signal Messenger to spy on persons of interest.”
Moreover there was a memo in 2023 obtained by NPR warning of using Signal for using any non-public official information.
In a statement to NPR, Signal spokesperson Jun Harada said the most recent Pentagon memo is not calling Signal’s encryption weak, rather that Signal users must be careful with their phones and with whom they let into their chats: “It is not reporting a problem with Signal’s core technology. It is warning people about phishing attacks which were targeting high level Signal accounts.”
The March 18, 2025 Pentagon memo adds, “Please note: third-party messaging apps (e.g. Signal) are permitted by policy for unclassified accountability/recall exercises but are not approved to process or store non-public unclassified information.”
The encrypted Signal app is what Defense Secretary Pete Hegseth and other leading national security officials within the administration used to discuss bombing Houthi earlier this month. The Atlantic editor Jeffrey Goldberg was inadvertently added to the group and privy to the highly sensitive discussions.
In the military, sending classified data over insecure channels is called “spillage” when it’s considered minor, but even that can be a career ender for a military officer.
The 2023 DoD memo prohibited use of mobile applications for even “controlled unclassified information,” which is many degrees less important than information about on-going military operations.
There’s almost no precedent for the heads of Defense, State, Intelligence and National Security to be sharing such sensitive military intelligence in a forum that was known to be unsecured.
NPR’s Bobby Allyn contributed to this story.
NPR disclosure: Katherine Maher, the CEO of NPR, chairs the board of the Signal Foundation.