Security researchers have discovered tens of millions of accounts from a third-party version of Telegram that were leaked online through another cloud misconfiguration.
Bob Diachenko and the Comparitech team found the exposed data on March 21. It had been posted, with no password protection, to an Elasticsearch cluster by a group called “Hunting system” in Farsi.
Although the cluster was deleted on March 25, a day after Diachenko informed the hosting provider, at least one user had apparently already posted it to a hacking forum.
That’s bad news, because the trove contained 42 million records from a third-party version of popular messaging app Telegram. They included user account IDs, phone numbers, names, and hashes and secret keys.
As Telegram has been banned in Iran since anti-government protests in 2018, the database could put users at risk of being singled out by the authorities as having something to hide.
Although the hashes and keys can’t be used to access accounts, third-party hackers could use the other information in financially motivated attacks, warned Comparitech.