The FBI has issued a warning to all Americans who send text messages using iPhones and Android phones.

NBC reports that an “unprecedented cyberattack” dubbed “Salt Typhoon” by Microsoft may have leaked private communications to foreign hackers. Officials said China targeted major telecommunications companies such as AT&T, Verizon and Lumen Technologies to spy on customers.

What you should do:

The FBI and CISA (Cybersecurity and Infrastructure Security Agency) recommend people use encrypted messaging apps like WhatsApp and Signal to minimize the chances of hackers intercepting their text messages. Both WhatsApp and Signals also enable encrypted phone conversations between users over the internet.

Apple iMessages, which appear blue between iPhone users, and Google Messages, which are sent between Android users, are also fully encrypted.

However, texts sent from an iPhone to an Android device and vice versa are not fully encrypted. According to NBC, messages between different devices are only encrypted using Rich Communications Services (RCS), all of which are decrypted by Google in the US.

Telegram, another messaging app, claims that it offers end-to-end encryption, but conversations are reportedly not encrypted by default and have been audited by cybersecurity experts.

“Our suggestion that we’ve been telling people internally is not new here: Encryption is your friend, whether it’s text messaging or whether you have the ability to use encrypted voice communications. Even if the attacker was able to intercept the data, it would be impossible to encrypt it if it were encrypted,” Jeff Greene, deputy director of cybersecurity at CISA, told NBC.

More about encryption and the hack:

According to Yahoo! Messages: Encryption is a technology that encrypts messages and requires a “key” to see or hear them. WhatsApp and Signal are apps that automatically use end-to-end encryption between users who have the unique code to decrypt messages. The company owner and operator of the apps will not have access to them, even if they are hacked or there is a court order.

Forbes reports that hackers likely obtained temporary call and text records from wireless companies, including which phone numbers called or texted and when, but likely did not obtain extensive call and text content.

Officials did not say how many Americans may be compromised, but Greene told NBC the Chinese hacking campaign is so large that it is “impossible to predict a time frame for when we will complete the full eviction.”

CISA, America’s cyber defense agency, released “Enhanced Visibility and Hardening Guidance for Communications Infrastructure” on Wednesday. U.S. organizations that identify suspicious activity are asked to contact their local FBI field office, the FBI’s Internet Crime Complaint Center (IC3), or CISA at 1-844-Say-CISA (1-844-729- 2472) or email [email protected] or report online at cisa.gov/report.