42 million Iranian “Telegram” user IDs and phone numbers leaked online
42 million user IDs and phone numbers for a third-party version of Telegram were exposed online without a password. The accounts belong to users in Iran, where the official Telegram app is blocked.
42 million records from a third-party version of messaging app Telegram used in Iran was exposed on the web without any authentication required to access it. Comparitech worked with security researcher Bob Diachenko to uncover and report the exposure, which included usernames and phone numbers, among other data.
The data was posted by a group called “Hunting system” (translated from Farsi) on an Elasticsearch cluster that required no password nor any other authentication to access. It was removed after Diachenko reported the incident to the hosting provider on March 25.
Telegram says the data came from an unofficial “fork” of Telegram, a version of the app unaffiliated with the company. Telegram is an open-source app, allowing third parties to make their own versions of it. Because the official Telegram app is frequently blocked in Iran, many users flock to unofficial versions.
A Telegram spokesperson told Comparitech, “We can confirm that the data seems to have originated from third-party forks extracting user contacts. Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds.”
👉🏼 Read more:
https://www.comparitech.com/blog/information-security/iranian-telegram-accounts-leaked/#leak #Iran #telegram
📡@cRyPtHoN_INFOSEC_DE📡@cRyPtHoN_INFOSEC_EN📡@BlackBox_Archiv 
