While Telegram isn’t giving up its ongoing legal battle with United States regulators to launch its TON blockchain project, some online perpetrators are taking advantage of the messenger’s popularity to expose millions of user records of third-party versions of Telegram app.
Per an investigation by cybersecurity firm Comparitech and security researcher Bob Diachenko, at least 42 million Iranian “Telegram” usernames and phone numbers were leaked via unofficial Iranian-made versions of Telegram, while real Telegram is banned in the country.
42 million Iranians that are willing to use the banned messenger got their data exposed
According to a March 30 report compiled by Comparitech, those records were publicly exposed online on the web without any authentication required to access it. The data was reportedly exposed on distributed search engine Elasticsearch for about 11 days until it was removed after Diachenko filed an abuse report.
Diachenko elaborated to Cointelegraph that the number of leaked records purportedly corresponds to the number of “Telegram” users affected. He said:
“42 million is the number of the records in the database which, we assume, are unique and correspond to the affected persons number.”
The reported data breach definitely poses significant risks like SIM swapping and phishing attacks as well as other scams using the phone numbers in the database. Moreover, the leakage reveals data of as many as 42 million Iranian people who were trying to still use Telegram despite the application being banned in the country since 2018.
Telegram blames Iranian people for using unofficial Telegram apps despite multiple warnings
The exposure wouldn’t have been possible without people using unofficial versions Telegram messenger, a Telegram spokesperson reportedly told Comparitech. Telegram emphasized that the leaked data came from unofficial Telegram applications or so-called “forks” of Telegram that are not affiliated with the official company. This became possible because Telegram is an open-source application that allows third parties to create their own versions of it.
Telegram reportedly said:
“We can confirm that the data seems to have originated from third-party forks extracting user contacts. Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds.”
As reported by local publications, Iranians created a number of “fork” Telegram apps like Telegram Talaeii and Hotgram in response to the messenger’s ban in the country. According to estimations, Talaeii and Hotgram amassed about 30 million users as of December 2018. According to BBC, real Telegram messenger was estimated to have about 50 million users in Iran as of 2018 before it was banned in the country.
While the latest data breach doesn’t involve the official Telegram company directly, the actual messenger suffered a major hack in Iran back in 2016. According to reports, Iranian hackers were able to compromise more than a dozen accounts to identify phone numbers of 15 million Telegram users in Iran despite the messenger’s focus on user privacy and security.
In mid-March 2020, Cointelegraph reported on Chinese social media giant Weibo experiencing a massive data breach that reportedly led to 172 million users having their account information leaked.