Telegram, the messaging app that prides itself on being among the largest privacy-focused platforms of its kind, has suffered a cyberattack that leaked information belonging to millions of its users.
According to reports, a database containing the user data was posted on a dark web forum, with a Russian-language media outlet reporting the case, which has sent massive ripples across the tech world.
The leaked database, which is 900 MB in size, comprises user cellphone numbers and unique Telegram IDs.
Significant Amount of Data Is Mostly Outdated
In response to the data breach, Telegram has confirmed reports about the leaked user data, maintaining that all phone-based apps are normally at risk of this form of data breach. It turns out that the database was acquired after threat actors managed to exploit Telegram’s built-in contacts import feature, which runs at user registration.
The cloud-based instant messaging app indicated that a significant proportion of the leaked data is outdated. Telegram’s account noted that 84 percent of the data in the stolen database had been harvested before mid-2019. Effectively, about 60 percent of the data entries affected by the cyberattack are deemed outdated.
In addition, Telegram reported that 70 percent of the leaked accounts had Iranian origins, with the remainder coming from Russia.
While speaking to Cointelegraph, Telegram’s spokesperson commented on the cyberattack by highlighting how common the vulnerability is across the contact-based messaging industry. According to him, the vulnerability is a significant challenge even for Telegram’s largest competitor, WhatsApp.
The spokesperson insisted that the leaked database did not expose users to a high degree of damage as it only had the links between cellphone numbers and user IDs – with no evidence of hacker access to individual Telegram accounts, including the associated passwords, private messages and other forms of sensitive data.
Not the First Time
From a technical standpoint, Telegram subscribes to the standard approach of storing user data in the cloud. This means that if a hacker succeeds in gaining control of the server system, they may be able to access metadata and encrypted information.
In particular, Telegram usually asks new users for access to their contact list and stores it on the server. This leads to the accumulation of massive sets of social network information that may be hacked on its servers or supplied to authorities without users’ consent. This loophole is regularly exploited by cybercriminals, governments and nation-state actors to infringe on users’ privacy.
In 2019, during the pro-democracy campaign in Hong Kong, activists raised an alert about a technical issue that was being exploited by Chinese authorities.
Until then, Telegram had proven to be a dependable messaging platform that campaigners used to pass information while avoiding interference from Chinese law enforcement.
The vulnerability was reportedly publicized on a popular Hong Kong online forum, where users learnt about the bug, which targeted public access groups. It breached user privacy in groups where members had chosen to keep their cellphone numbers private.
In order to successfully expose the real identities of users, law enforcement agencies would upload thousands of phone numbers to a device and sync it with Telegram. This action would enable the authorities to match stored entries against the privately-stored numbers in a target access group before a telecommunications firm would be involved in revealing the identities of the Telegram users.
Ultimately, Telegram responded to the vulnerability by advancing its user privacy tools: in September 2019, it introduced a new feature that enabled users to reveal their cellphone number “to nobody at all”.
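A server-side check for the bulk contact-import pattern described above, as an added example that is not from Telegram or from the original article. The event format, account names, thresholds and sample numbers are constructed, and the assumption that bulk uploads sweep consecutive number ranges is the example's own, not something the article states.

```python
from collections import defaultdict

def sequential_fraction(numbers):
    """Share of imported numbers that sit directly next to another imported number."""
    nums = sorted({int(n.lstrip("+")) for n in numbers})
    if len(nums) < 2:
        return 0.0
    adjacent = set()
    for a, b in zip(nums, nums[1:]):
        if b - a == 1:
            adjacent.update((a, b))
    return len(adjacent) / len(nums)

def flag_bulk_importers(events, min_imports=50, min_seq_fraction=0.8):
    """Return {account: stats} for accounts whose contact imports look like range sweeps.

    events: iterable of (account, phone_number, matched_registered_user).
    Thresholds are illustrative assumptions, not values from any real service.
    """
    per_account = defaultdict(list)
    for account, number, matched in events:
        per_account[account].append((number, matched))
    flagged = {}
    for account, rows in per_account.items():
        unique_numbers = {n for n, _ in rows}
        frac = sequential_fraction(unique_numbers)
        if len(unique_numbers) >= min_imports and frac >= min_seq_fraction:
            flagged[account] = {
                "imported": len(unique_numbers),
                "sequential_fraction": round(frac, 2),
                # Number-to-user-ID links this account learned: the exposure to size.
                "links_exposed": sum(1 for _, m in rows if m),
            }
    return flagged

def build_sample_events():
    """Constructed sample log; +999 is not an assigned country code."""
    events = []
    # acct_sweep: 200 consecutive numbers, every 10th one is a registered user
    for i in range(200):
        events.append(("acct_sweep", f"+9990000{1000 + i}", i % 10 == 0))
    # acct_normal: an ordinary address book of 60 scattered numbers
    for i in range(60):
        events.append(("acct_normal", f"+9990{100000 + i * 7919}", i % 3 == 0))
    return events

if __name__ == "__main__":
    print(flag_bulk_importers(build_sample_events()))
```

The `links_exposed` count is what an incident responder would use to estimate how many number-to-ID pairs a flagged account collected.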