While Telegram is not giving up on its ongoing legal battle with U.S. regulators to launch its TON blockchain project, some online perpetrators are taking advantage of the messenger’s popularity, and millions of user records from third-party versions of the Telegram app have been exposed.
According to a study by cybersecurity company Comparitech and security researcher Bob Diachenko, at least 42 million Iranian “Telegram” usernames and phone numbers have been leaked through unofficial versions of Telegram made by Iran, while the real Telegram is banned in the country.
According to a March 30 report prepared by Comparitech, the data was exposed online without requiring any authentication to access it. The data was reportedly visible through the Elasticsearch distributed search engine for approximately 11 days until it was deleted after Diachenko submitted an abuse report.
Diachenko explained that the number of leaked records reportedly corresponds to the number of affected “Telegram” users. He said:
“42 million is the number of records in the database that we assume are unique and correspond to the number of people affected.”
The reported data breach carries significant risks, such as SIM swapping and phishing attacks, as well as other scams that use the telephone numbers in the database. In addition, the leak reveals data on as many as 42 million Iranian people who attempted to use Telegram, despite the application having been banned in the country since 2018.
The exposure would not have been possible if people had not used unofficial versions of Telegram Messenger, a Telegram spokesperson reportedly told Comparitech. Telegram emphasized that the leaked data came from unofficial Telegram applications, or so-called “forks” of Telegram, that are not affiliated with the official company. Such forks exist because Telegram is an open-source application, which allows third parties to create their own versions of it.
Telegram reportedly said:
“We can confirm that the data appears to come from third-party forks that extract user contacts. Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds.”
As reported by local publications, Iranians created a number of “fork” Telegram apps such as Telegram Talaeii and Hotgram in response to the messenger’s ban in the country. According to estimates, Talaeii and Hotgram had approximately 30 million users in December 2018. According to the BBC, the real Telegram messenger had an estimated 50 million users in Iran as of 2018, before it was banned in the country.
While the latest data breach is not directly related to the official Telegram company, the actual messenger suffered a major hack in Iran in 2016. According to reports, Iranian hackers were able to compromise more than a dozen accounts to identify the phone numbers of 15 million Telegram users in Iran, despite the messenger’s focus on user privacy and security.
In mid-March 2020, Chinese social media giant Weibo reported a massive data breach that reportedly led to the account information of 172 million users being leaked.