
Telegram, one of the world’s largest messaging apps, had millions of its users' records shared on a data leak forum, exposing email addresses and phone numbers. Telegram denies private user data was exposed.
- Over 200M Telegram user records containing emails, phone numbers, and usernames were exposed, attackers claim.
- Experts warn the exposed contact information could enable massive phishing campaigns targeting affected Telegram users worldwide.
- Researchers are uncertain whether the leak represents a new breach or a compilation of previously scraped and stolen Telegram user data.
- The data leak post appeared on January 24th and has remained active with daily user engagement.
The post was shared on a popular data leak forum, where attackers exchange stolen information and databases. According to the post’s author, the data was collected from databases shared on Telegram-based hacking channels.
The leaked dataset includes at least three databases named “Telegram user data,” “Source platform,” and “Telegram.” According to the attackers, over 200 million records are spread across the three databases. Uncompressed, the databases contain a whopping 44GB of data.
According to a Telegram representative, the allegedly leaked records only reveal user ID and public username, with no private data getting exposed.
“These records appear to be the result of importing contacts and so reveal only the user ID and public username. No private data is exposed and users are not at risk. While no system can stop this completely, Telegram strictly limits the import of contacts to combat misuse,” Telegram's representative told Cybernews.
What Telegram user data do attackers claim to have?
Meanwhile, the Cybernews research team investigated a data sample that attackers attached to the post. According to our team, the information shared on the data leak forum includes:
- Telegram usernames
- Names
- Email addresses
- Phone numbers
At this point, it is not clear whether the data corresponds to a new data breach or to a collection of previously scraped or stolen details. While researchers believe some details can be scraped, information such as emails and phone numbers is not usually public on the platform.
“The data probably isn't scraped since Telegram user emails are not publicly accessible unless this is a combination of the scraped data as well as information from older data breaches,” our researchers said.
However, the team noted that Telegram users can set their details to public if they wish, which means the data-scraping idea cannot be ruled out entirely. Our team noted that the data collection appears to include 66 million phone numbers and user IDs, as well as 10 million user records.
At this point, we couldn’t check how many duplicates are present in the dataset, which could make the actual impact of the leak far smaller.
“The database mainly contains contact information, so the most obvious impact is its exploitation for phishing campaigns. However, the number of numbers is quite large, which would enable launching massive phishing campaigns,” our team explained.
Interestingly, the post announcing the data leak was posted on January 24th, and users have been commenting on it nearly every day since it was uploaded to the data leak forum.
Our team observed 60 million likely Telegram records in the dataset, including several collections that exposed 16 billion credentials in total.
Last December, cybersecurity consulting firm NVISO announced that Telegram has become a hotspot for attackers of all levels, going so far as to advise businesses that do not have an essential business need to block Telegram's API altogether.
Updated on February 11th [03:50 p.m. GMT] with a statement from Telegram.