A hacker has exploited a vulnerability in TeleMessage, a service that modifies encrypted messaging apps like Signal, Telegram, and WhatsApp, to access sensitive archived data linked to United States government officials and major companies, according to a report by 404 Media.

TeleMessage, owned by Israel-based firm Smarsh, enables clients to archive messages—including voice notes—from encrypted platforms. The service drew attention last week when it was revealed that former U.S. National Security Adviser Mike Waltz was using its customized version of Signal.

While messages from Waltz and other cabinet members were not compromised, the breach reportedly exposed the contents of other messages, contact information for U.S. government officials, backend login credentials for TeleMessage, and more. Data linked to U.S. Customs and Border Protection, cryptocurrency exchange Coinbase, and financial institution Scotiabank was among the information extracted.

The breach also revealed that archived chat logs sent via TeleMessage’s modded Signal app are not end-to-end encrypted once stored, raising concerns about the platform’s security model.

Smarsh, Signal, U.S. Customs and Border Protection, Coinbase, and Scotiabank did not immediately respond to requests for comment.