Comparitech, along with the popular researcher Bob Diachenko, discovered 42 million Iranian ‘Telegram’ user IDs and phone numbers online.
The accounts belong to Iranian users and come from a third-party version of the Telegram app.
Telegram is the most popular messaging app in Iran, with more than 50 million registered users nationwide. It’s used by dissidents and government opponents because its conversations can’t be eavesdropped on.
Telegram was blocked permanently in early 2018 following local anti-government protests and civil unrest. Since 2018, many users have continued to access it through proxies and VPNs, while others use unofficial third-party forks.
The data was published by a group called “Hunting system” (translated from Farsi) on an unsecured Elasticsearch cluster. The archive was shut down after Diachenko reported the incident to the hosting provider on March 25.
According to Telegram, the data came from an unofficial “fork” of Telegram. This is possible because the popular instant messaging app is open source, which allows third parties to develop their own versions. The availability of unofficial forks of the app is not surprising because the official Telegram app is frequently blocked in Iran.
“We can confirm that the data seems to have originated from third-party forks extracting user contacts. Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds,” a Telegram spokesperson told Comparitech.
The bad news is that other unauthorized parties might have accessed the data while it was exposed. The experts reported that at least one user had posted the data to a hacker forum.
The exposed data poses a serious risk to users in a country like Iran, where a nation-state actor could use it to target specific individuals who use Telegram (or a fork of the instant messaging app) for surveillance purposes.
The exposed records included user data originating from Iran, such as user account IDs, usernames, phone numbers, hashes, and secret keys.
The experts pointed out that hashes and secret keys can’t be used to access accounts.
“They only work from inside the account to which they belong, according to a Telegram spokesperson,” continues the post.
Below is the timeline of the exposure:
(SecurityAffairs – privacy, data leak)