Telegram, a cloud-based messaging app, suffered a data breach after unknown hackers exposed personal details of its users on darknet forums, according to a report from Russian publication Kod.ru. The exposed database contains phone numbers, unique Telegram user IDs, and other sensitive information. While it is unclear exactly how many users were affected in the incident, the exposed database is about 900 megabytes.
According to Kod.ru, the information was exposed via the Telegram app’s built-in contact export feature, which is used for user registration. Most of the exposed data is outdated, with 84% of it collected before mid-2019 and around 60% of it is irrelevant. It is said that 70% of the leaked accounts are related to users in Iran and the remaining 30% were from Russia.
“When checking through the program, the editors of Kod.ru found telephone numbers by nicknames in Telegram, including the numbers of the editors. In addition, the file also contains a unique user identifier in the messenger. At the moment, it is unclear exactly how many users were in the database,” Kod.ru reported.
Telegram stated that built-in contact export feature vulnerability is a primary concern for all contact-based messenger apps, Cointelegraph reported. “Like other phone-based messengers (Facebook Messenger, WhatsApp, Viber), Telegram allows you to see which of your contacts are also using the app. Unfortunately, any contacts-based app faces the challenge of malicious users trying to upload many phone numbers and build databases that match them with user IDs – like this one,” Telegram said in a statement.
This is not the first time that Telegram’s user data is being exposed. In June 2019, Telegram suffered a DDoS (Distributed Denial of Service attack) attack that affected the users in the U.S., Hong Kong, and in other countries. Telegram took to Twitter to notify its users. “We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues,” Telegram said in a Twitter post. Describing the attack Telegram said, A DDoS is a Distributed Denial of Service attack: your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper.
September 24-25, 2025 Location: RAI, Amsterdam, Netherlands Website: https://shorturl.at/3tQu4 Cyber Security Expo Europe 2025 lands…
July 3-5, 2025 Location: Tivat, Montenegro Website: https://game-changer.tech/ Tivat Becomes a Hub of Innovation and…
June 11-12, 2025 Location: Mumbai, India CyberSec India Expo 2025 is India’s premier cybersecurity event,…
October 7-9, 2025 Location: Nuremberg, Germany Website: https://shorturl.at/DhXLj it-sa: Security for the digital future it-sa:…
July 10, 2025 Location: Manchester Central, Manchester, M2 3GX Website: https://bit.ly/43tNakH The Cyber Security EXPO…
June 26, 2025 Location: Hyderabad, India CISO India Connect 2025 is an invite-only summit bringing…