The popular messaging Telegram messaging application has been breached by an unknown hacking group. This has resulted in the theft of internal databases which has allowed the criminals to access personal information of millions of users who are registered for the service.
Hackers Have Now Breached Telegram Hijacking Sensitive Data Of Millions of App Users
One of the recent breaches which has been reported to the security community concerns Telegram. This is one of the popular privacy-centric messaging applications which are used across all modern mobile and desktop platforms. To this date it was considered one of the best options in this category.
The breach was discovered after the database and information about its contents was posted on one of the underground community marketplaces. The file contains the phone numbers of users alongside with their unique Telegram user IDs — information that is designed to be hidden from the users and considered private.
The cause for this intrusion is a vulnerability exploit which was done via the application’s contact export feature. This is accessible when a new registration for a user is made. It appears that the hackers were able to use this in order to hijack the information. Following the public disclosure Telegram reported that the majority of collected data is outdated — 84% of it has been collected before mid-2019 and o it 60% is considered inaccurate. A very large part of all affected accounts, totaling 70% are located in Area while the remaining 30% are from Russia.
Telegram follows the same mechanism as other phone-based instant messaging clients by including a contact adding feature. It works by analyzing the contacts list stored in the phone or in other applications and comparing it to the Telegram database. If a match is found the user will be shown in the friends screen of the Telegram application.
Telegram has reported data breaches in the past as other similar applications as well. This recent breach shows that even the most secure applications and those that are deemed private can become victims of a dangerous hacking attack.