← All stories
Media & Journalism

Intercept Signal Tip Line Compromised for Months, Likely by China-Based Actor

Breaking Points · Intercept Tip Line BREACHED Risking Whistleblowers · July 3, 2026
Intercept Signal Tip Line Compromised for Months, Likely by China-Based Actor
Breaking Points
Breaking Points
Intercept Tip Line BREACHED Risking Whistleblowers
"somebody went in and claimed the intercepts signal account which I think the intercept.01 um and started messaging and start and also set up a um Twitter account that was they said they were the intercepts kind of investigative intake side. So, this this fake account here, and then this is me reaching out to them, um would underneath a tweet by the White House or Chuck Schumer or Jim Jordan, would say, 'If you have more information on this, reach out to the Intercept at the Intercept.01 signal.'"
Ryan Grim reveals that The Intercept's Signal tip line was hijacked for an extended period after becoming dormant, with an unauthorized party claiming the account and actively soliciting tips from potential sources while impersonating the news organization. The actor, appearing to operate from Hong Kong/Beijing time zone, created fake social media accounts and posed as The Intercept's investigative team under high-profile political posts. The Intercept issued only a minimal security update without warning sources who may have been compromised.

About this episode

Ryan Grim reports on Breaking Points about a major security breach at The Intercept involving its Signal tip line for confidential sources. The investigation reveals that The Intercept's Signal account became dormant due to inactivity and was subsequently claimed by an unauthorized party who impersonated the news organization for an extended period, possibly months or longer. The fraudulent operator created fake Twitter accounts using The Intercept's branding and actively solicited tips from potential whistleblowers under high-profile political posts from figures like the White House, Chuck Schumer, and Jim Jordan. Analysis of the account activity suggests the operator was based in the Hong Kong/Beijing time zone, with English-as-a-second-language communication patterns, raising concerns about potential foreign intelligence involvement. The Intercept's response has been criticized as inadequate, issuing only a brief notice about updating security practices and creating a new Signal handle without explicitly warning sources who may have communicated with the compromised account. Grim emphasizes that The Intercept cannot know whether sources were compromised since communications went directly to the third party. The incident exposes both a technical vulnerability in Signal's dormant account policies and organizational failures in source protection at a major investigative journalism outlet. The discussion highlights broader implications for journalistic security practices and the protection of confidential sources in the digital age.

Key takeaways

More stories More from Breaking Points