Pierluigi Paganini October 03, 2024

Telegram fulfilled over a dozen U.S. law enforcement data requests this year, potentially revealing the IP addresses or phone numbers of 100+ users.

Independent website 404 Media first revealed that in 2024 Telegram has fulfilled more than a dozen law enforcement data requests from the U.S. authorities.

The social media platform “potentially revealed” that it has shared the IP addresses or phone numbers of over 100 users with law enforcement.

In the past, Telegram claimed that it has never supported law enforcement investigations, however recently it has updated its policy on data sharing with authorities.

At the end of September, Telegram updated its privacy policy informing users that it will share users’ phone numbers and IP addresses with law enforcement in response to valid legal requests.

The company CEO Pavel Durov announced the policy update. Telegram will comply with requests from law enforcement if the user under investigation is found to be violating the platform’s rules.

“If Telegram receives a valid order from the relevant judicial authorities that confirms you’re a suspect in a case involving criminal activities that violate the Telegram Terms of Service, we will perform a legal analysis of the request and may disclose your IP address and phone number to the relevant authorities. If any data is shared, we will include such occurrences in a quarterly transparency report published at: https://t.me/transparency.” reads the updated privacy policy.

In a message on its Telegram Channel, Durov revealed that over the last few weeks, a dedicated team of moderators, leveraging AI, has worked on its platform to identify and remove problematic content from the app.

The company announced that data shared with authorities will be disclosed in the company’s quarterly transparency reports, accessible via a bot.

According to the “Transparency report for the period 01.01.24–30.09.24,” the number of “Fulfilled requests from the United States of America for IP address and/or phone number: 14. Affected users: 108.” Some data requests, likely occurred before Telegram’s CEO was arrested.

“For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.” Durov wrote on his Telegram channel. “In Europe, there was an uptick in the number of valid legal requests we received in Q3. This increase was caused by the fact that more EU authorities started to use the correct communication line for their requests, the one mandated by the EU DSA law. Information about this contact point has been publicly available to anyone who viewed the Telegram website or googled “Telegram EU address for law enforcement” since early 2024.”

Despite 404 Media report, at the time of this writing, I’m not able to retrieve the report from the bot.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Telegram)