Telegram appears to be the latest tech company to suffer a significant data breach, as hackers have now exploited a flaw in the platform’s code to steal user data. Yesterday, Russian-language tech publication Kod.ru reported that the mobile messaging platform had been hit with a security incident, after sources found a database of user data on a dark Net forum.
Telegram’s Growing Rap Sheet with Privacy Issues
Per the news medium, the hackers had imported Telegram’s data import feature to steal the details. The database found on the Dark Net reportedly contains information on millions of users, with data sets including phone numbers, Telegram user IDs, and more.
The entire database holds up to 900 megabytes of data, although it remains unclear how it managed to leak on the dark Web.
Kod.ru added that Telegram had acknowledged the leaked database. The company pointed out that the hackers had broken into its system through the data import feature and a flaw in the registration module. It also added that most of the data in the leaked database were outdated – the company collected up to 84 percent of the data in it before mid-1019, so about 60 percent of the data entries are now invalid.
The incident is just the latest in tech firms being exploited in one way or another at this period. Hacks and data breaches have been particularly rampant since the coronavirus pandemic began, as cybercriminals have been on the prowl. Video conferencing platform Zoom has seen its significant share of data breaches, as have several other top firms.
However, it’s becoming a bit of a recurrent theme for Telegram. Last August, activists in Hong Kong reported that the platform contained a vulnerability that exposed their phone numbers. Per a Forbes report, the vulnerability allowed Chinese law enforcement agencies to track the activists’.
Since they were active protesters in the Hong Kong-China conflict, this left them vulnerable to attacks. Telegram immediately acted, upgrading its privacy suite to include a feature that could shield their phone numbers.
Data Breaches on the Rise
Data breaches have also been quite rampant over the past few weeks. Considering that most hacks leave companies’ information laid bare for hackers, these criminals have been more than happy to share the information with their colleagues over the Dark Web.
Last month, a prominent hacker published three databases on the forum, all containing the information on users of three large crypto wallet manufacturers – Ledger, Trezor, and KeepKey.
Under the Breach, a cybercrime monitoring site, spotted the databases towards the end of last month. Per a report, the hackers published the databases, containing information on over 80,000 users combined. The information included the name, physical address, phone number, and email addresses of the users. Most notably, it didn’t include their passwords.
When split, the hacker claimed that he had gotten almost 41,500 Ledger users, over 27,100 Trezor users, and KeepKey’s 14,000 customers. Several chat logs on Twitter also showed that he managed to steal the data by exploiting a vulnerability on Shopify – something that the e-commerce giant has reportedly denied so far.