Giant Telegram user database just hit hacker forums: here's why that's bad news
Telegram wants to message you? Be very, very suspicious.

Image by Cybernews.
- Cybercriminals are selling a database allegedly containing 182 million Telegram user records, including usernames, phone numbers, and IDs.
- The data exposure mainly affect Russian-speaking Telegram users.
- Cybernews researchers reviewed sample records but could not confirm the database’s full size or whether Telegram was the source.
- Exposed data could help scammers create targeted phishing messages, impersonate trusted accounts, and contact users through Telegram, SMS, or WhatsApp.
Cybercriminals are selling a database allegedly containing 182 million Telegram user records, raising concerns that exposed data could fuel a wave of highly targeted scams.
A threat actor has listed a text file weighing 41.1GB for sale on a cybercrime forum, claiming it contains 182 million user records with personal identifiers.
To prove their claims, the threat actor shared 60 sample records. The Cybernews research team has investigated the data samples. Our researchers found that the exposed records appear to belong predominantly to Russian-speaking users, suggesting the data may have been collected from Russian online services or Telegram channels rather than taken from a single source.
The sample includes combinations of:
- Usernames
- Phone numbers
- Telegram user IDs
- Full names in some cases
However, from the provided data samples, it is impossible to verify the claimed scope.
Users are at risk of social engineering
While the exposed data could not be exploited to log in to Telegram or to carry out account takeovers, a leaked file containing Telegram usernames and phone numbers is a treasure trove for scammers.
By combining usernames, phone numbers, and Telegram identifiers, attackers could craft highly personalized phishing messages that appear far more legitimate. For example, an attacker might reference a victim's Telegram account by name while posing as Telegram Support or a trusted cryptocurrency exchange.
Telegram users are regularly targeted by phishing campaigns, making such personalized approaches particularly effective.
“There seems to be a huge number of posts related to people getting SMS from supposedly Telegram saying their account is about to get blocked and they need to verify their account by following the link,” wrote one user on Reddit, warning users of the phishing attack.“Seeing a lot of Telegram scams where someone copies a group admin's display name and profile photo, then DMs members pretending to be them. Usually asking people to "verify their wallet" or click a link,” wrote another one.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Telegram users may receive unsolicited messages
Attackers can exploit usernames to find and contact users on the platform and, for example, add them to malicious Telegram groups.
Paired with a phone number, this provides additional ways to reach potential victims, as scammers can also use it to contact them via SMS or WhatsApp.
They may attempt to convince victims to reveal their credentials, enable malicious bots, or visit phishing sites. A phone number can often be correlated with information from other public sources or previous data breaches to build more detailed profiles of potential victims.
It is not uncommon for large datasets containing user records to appear on illicit marketplaces. In June, a massive dataset with Instagram users’ phone numbers and personal identifiers was distributed on hacker forums.