40 million Telegram users’ data leaked on darknet; a 900MB database

Network perimeter security specialists revealed the discovery of a database (nearly 900 MB) with millions of records of Telegram users. This information was found on a dark web forum, and the source of the leak has not yet been identified.

Researchers on the KOD.RU platform found phone numbers linked to Telegram accounts, identified by nicknames; researchers even found their own phone numbers exposed. In addition, the file also contains a unique user ID in the application. For now, researchers have not identified the exact number of users affected by this incident.

In this regard, the company’s Public Relations managers acknowledged the report, noting that this information was collected through the contact import function incorporated into the service.

Network perimeter security specialists mentioned that these databases contain details such as phone number and user ID, confirming that the information was collected using a Telegram mechanism: “Those responsible for the leak abused the contact import function; unfortunately, users can’t completely disable this classification,” they mention.

Telegram representatives also reported that most of the accounts listed are inactive. In addition, the measures implemented by the company help protect users’ phones: “A database analysis shows that the additional measures taken in late summer 2019 were effective; more than 80% of this information was collected more than a year ago.”

According to network perimeter security specialists, after the demonstrations in Hong Kong a few months ago, Telegram enabled some security features, including the “Who can add me using my phone number” feature, which makes it difficult to detect a user by completely hiding the link between their number and their Telegram account. This function is widely used by dissidents, political activists and even public officials.

Telegram added that almost 70% of the accounts in the database are from users in Iran, while the remaining 30% belong to users in Russia. Previously, bots were discovered in the messaging app that, through the phone number, provided personal and financial data of some Ukrainian citizens. The actual damage these leaks could cause remains to be seen.
