28th June 2020, Kathmandu
Telegram, a Cloud-based messaging app, has suffered a data leak after anonymous hackers exposed personal details of its users on darknet forums. According to a Russian Publication, the exposed database contains phone numbers, unique Telegram user IDs, and other sensitive information.
However, the exact number of users affected by this incident is still unclear. The size of the leaked database is about 900 megabytes.
In its defense, Telegram said that it is a built-in contact export vulnerability which is a primary concern for all such contact-based apps.
According to reports, 70% of the leaked accounts were from Iran, while the remaining 30% were from Russia.
Moreover, it said that the leaked data is out of date. Telegram claims that 84% of the data were collected before mid-2019 and at least 60% of it is inaccurate.
Common Vulnerability Among Apps
“Like other phone-based messengers (Facebook Messenger, WhatsApp, Viber), Telegram allows you to see which of your contacts are also using the app,” a Telegram spokesperson informed Cointelegraph.
The spokesperson added that most contact-based apps face the challenges of malicious users attempting to upload multiple phone numbers and build databases that match them with user IDs – similar to this incident.
Not the First for Telegram
While most claim that Telegram is a privacy-focused and secure app, it is not its first data leak incident. In August 2019, Hong Kong activists reported a vulnerability that exposed their phone numbers to allow law enforcement to track them.
Similarly, it also faced a DDoS (Distributed Denial of Service attack) in June 2019. Telegram revealed that this attack affected users in the US, Hong Kong, and in other countries.
Telegram had to release an apology on Twitter following the incident.
After such unpleasant experiences, the company introduced new privacy measures that hid the user’s phone numbers from everyone.
Recently, Russia also lifted a two-year ban on Telegram after many unsuccessful ban attempts.
The data breaches and leaks have spiked up during the pandemic. In fact, cybercriminals are exploiting the fear of COVID-19 to scam users.
You may also like to read: