Comparitech along with the popular researcher Bob Diachenko discovered 42 million Iranian ‘Telegram’ user IDs and phone numbers online.
The accounts belong to Iranian users, they are from a third-party version of the Telegram app.
The data was published by a group called “Hunting system” (translated from Farsi) on an unsecured Elasticsearch cluster. The archive was shut down after Diachenko reported the incident to the hosting provider on March 25.
According to Telegram, the data came from an unofficial “fork” of
“We can confirm that the data seems to have originated from third-party forks extracting user contacts. Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds.” a Telegram spokesperson told Comparitech.
The bad news is that other unauthorized parties might have accessed the data while it was exposed, experts reported that at least one user had posted the data to a hacker forum.
The exposed data poses a serious risk to users in a country like Iran, nation-state actor could use them to target specific individuals that use Telegram (or a fork of the instant messaging app) for surveillance purposes.
The exposed records included user data originating from Iran, such as User account IDs, Usernames, Phone numbers, Hashes, and secret keys.
The experts pointed out that hashes and secret keys can’t be used to access accounts.
“They only work from inside the account to which they belong, according to a Telegram spokesperson.” continues the post.
Below the timeline of the exposure: