While Telegram isn’t surrendering its progressing fight in court with United States controllers to dispatch its TON blockchain venture, some online culprits are exploiting the courier’s prominence to uncover a great many client records of outsider variants of Telegram application.
Per an examination by cybersecurity firm Comparitech and security specialist Bob Diachenko, in any event 42 million Iranian “Wire” usernames and telephone numbers were spilled through informal Iranian-made adaptations of Telegram, while genuine Telegram is prohibited in the nation.
42 million Iranians that are happy to utilize the prohibited flag-bearer got their information uncovered
As indicated by a March 30 report incorporated by Comparitech, those records were freely uncovered online on the web with no confirmation required to get to it. The information was supposedly uncovered on circulated internet searcher Elasticsearch for around 11 days until it was expelled after Diachenko recorded a maltreatment report.
Diachenko expounded to Cointelegraph that the quantity of spilled records purportedly compares to the quantity of “Message” clients influenced. He stated:
“42 million is the number of the records in the database which, we assume, are unique and correspond to the affected persons number.”
The reported data breach definitely poses significant risks like SIM swapping and phishing attacks as well as other scams using the phone numbers in the database. Moreover, the leakage reveals data of as many as 42 million Iranian people who were trying to still use Telegram despite the application being banned in the country since 2018.
Telegram blames Iranian people for using unofficial Telegram apps despite multiple warnings
The exposure wouldn’t have been possible without people using unofficial versions Telegram messenger, a Telegram spokesperson reportedly told Comparitech. Telegram emphasized that the leaked data came from unofficial Telegram applications or so-called “forks” of Telegram that are not affiliated with the official company. This became possible because Telegram is an open-source application that allows third parties to create their own versions of it.
Telegram reportedly said:
“We can confirm that the data seems to have originated from third-party forks extracting user contacts. Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds.”
As reported by local publications, Iranians created a number of “fork” Telegram apps like Telegram Talaeii and Hotgram in response to the messenger’s ban in the country. According to estimations, Talaeii and Hotgram amassed about 30 million users as of December 2018. According to BBC, real Telegram messenger was estimated to have about 50 million users in Iran as of 2018 before it was banned in the country.
While the latest data breach doesn’t involve the official Telegram company directly, the actual messenger suffered a major hack in Iran back in 2016. According to reports, Iranian hackers were able to compromise more than a dozen accounts to identify phone numbers of 15 million Telegram users in Iran despite the messenger’s focus on user privacy and security.
In mid-March 2020, Cointelegraph reported on Chinese social media giant Weibo experiencing a massive data breach that reportedly led to 172 million users having their account information leaked.