I've been digging through the 410 GB of Java heap dumps from TeleMessage's archive server, provided by DDoSecrets. Here's a description of the dataset, some of my initial findings, details about an upcoming open source research tool I'm going to release, and a huge list of potential TeleMessage customers.

First, some background. This "clean OPSEC" saga is unbelievable.

Mike Waltz invited a journalist into a Signal group full of high-level Trumpers where they discussed and executed bombing an apartment building full of innocent people. This led to Congressional hearings (about using a Signal group for war, not the war crimes themselves... Congress doesn't really care about those).

Later, Waltz was photographed using TeleMessage SGNL, an Israeli-made knockoff of Signal that archives messages for its customers, and that lied about supporting end-to-end encryption. Then TeleMessage was hacked, twice. The trivial vulnerability let anyone on the internet download Java heap dumps from the server. Then, DDoSecrets released 410 GB of these heap dumps, all from May 4, 2025, and is distributing them to journalists and researchers.

"The trove included material from disaster responders, customs officials, several U.S. diplomatic staffers, at least one White House staffer and members of the Secret Service," according to a Reuters report.

I'm crunching data and writing these newsletters in my free time. If you want to support my work, consider becoming a paid supporter.

What even is this data?

On May 4, a hacker loaded the URL archive.telemessage.com/management/heapdump over and over again, each time downloading a different Java heap dump from TeleMessage's server. Yes, the vulnerability was that simple, which is why it took about 20 minutes to find and exploit.

Each file is between 130 MB and 291 MB, and is in Java HPROF format.
The easiest way to see what's inside is using the command line tool strings, which extracts all the printable strings from a binary ...
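As an added illustration (not code from the original post or from the author's tool), this Python example walks the HPROF record framing and compares the names stored in the format's UTF8 records with a `strings`-style scan of the raw bytes. The sample blob, its values and all function names are constructed for the example.

```python
import io, re, struct

def read_header(f):
    """Return (version, id_size, timestamp_ms) from the HPROF file header."""
    version = bytearray()
    while (b := f.read(1)) not in (b"\x00", b""):
        version += b
    if not version.startswith(b"JAVA PROFILE "):
        raise ValueError("not an HPROF file")
    id_size, ts_ms = struct.unpack(">IQ", f.read(12))  # big-endian u4, u8
    return version.decode("ascii"), id_size, ts_ms

def iter_records(f):
    """Yield (tag, body) per top-level record: u1 tag, u4 time, u4 length, body."""
    while head := f.read(9):
        if len(head) < 9:
            raise ValueError("truncated record header")
        tag, _micros, length = struct.unpack(">BII", head)
        body = f.read(length)
        if len(body) < length:
            raise ValueError("truncated record body")
        yield tag, body

def symbol_strings(f):
    """Names from UTF8 records (tag 0x01): an ID, then UTF-8 bytes."""
    _, id_size, _ = read_header(f)
    return [body[id_size:].decode("utf-8", "replace")
            for tag, body in iter_records(f) if tag == 0x01]

def printable_runs(data, min_len=4):
    """Roughly what `strings` does: runs of min_len+ printable ASCII bytes."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def build_sample():
    """Constructed, minimal HPROF-shaped blob; not data from the archive."""
    def rec(tag, body):
        return struct.pack(">BII", tag, 0, len(body)) + body
    header = b"JAVA PROFILE 1.0.2\x00" + struct.pack(">IQ", 8, 1746316800000)
    utf8 = rec(0x01, struct.pack(">Q", 1) + b"java/lang/String")
    # HEAP_DUMP_SEGMENT (0x1C) holding one byte[] (sub-tag 0x23, element type 8)
    text = b"example message body"
    seg = rec(0x1C, struct.pack(">BQIIB", 0x23, 2, 0, len(text), 8) + text)
    return header + utf8 + seg

if __name__ == "__main__":
    sample = build_sample()
    print(symbol_strings(io.BytesIO(sample)))  # symbol names only
    print(printable_runs(sample))              # also the byte[] contents
```

The UTF8 records carry only symbol names such as class names, while the contents of in-memory objects sit inside heap dump segments as array data, which is why a raw byte scan surfaces text that the symbol table alone does not.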
First seen: 2025-05-26 18:48
Last seen: 2025-05-26 19:49