silversurfer

Security researchers have discovered tens of millions of accounts from a third-party version of Telegram that were leaked online in another cloud misconfiguration.

Bob Diachenko and the Comparitech team found the exposed data on March 21. It had been posted to an Elasticsearch cluster, password-free, by a group called “Hunting system” in Farsi.

Although the cluster was deleted on March 25, a day after Diachenko informed the hosting provider, at least one user had apparently already posted it to a hacking forum.

That’s bad news, because the trove contained 42 million records from a third-party version of popular messaging app Telegram. They included user account IDs, phone numbers, names, and hashes and secret keys.

As Telegram has been banned in Iran since anti-government protests in 2018, the database could put users at risk of being singled out by the authorities as having something to hide.

Although the hashes and keys can’t be used to access accounts, third-party hackers could use the other information in financially motivated attacks, warned Comparitech.
 

SeriousHoax

What do you mean, Telegram's fault?
leaked online in another cloud misconfiguration
This looks like something was wrong from Telegram's end. Third-party apps exist because Telegram makes their API available for third-party devs, similar to Twitter, but Twitter's data has never been revealed by any third-party app. So maybe some fault in their API let that third-party app access Telegram's private data. Anyway, I'm guessing this, so correct me if I'm wrong.
 

upnorth

This looks like something was wrong from Telegram's end. Third-party apps exist because Telegram makes their API available for third-party devs, similar to Twitter, but Twitter's data has never been revealed by any third-party app. So maybe some fault in their API let that third-party app access Telegram's private data. Anyway, I'm guessing this, so correct me if I'm wrong.
I'm also not sure, but from what I saw from the main source, Telegram made an official statement.
“We can confirm that the data seems to have originated from third-party forks extracting user contacts. Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds.”
Another one that caught my eye is Elasticsearch.
 