Telegram Exposed 361 Million Accounts in a Shocking Data Breach!

  • By Farrukh Mushtaq

    Farrukh Mushtaq, a digital marketer at PureSquare, possesses a keen interest in cybersecurity and enjoys writing about it. With several years of experience in the digital marketing industry, he brings expertise and passion to his work.

  • 11 June 2024

In a huge security breach, a database of personal information, including login passwords for over 361 million accounts, was discovered circulating on Telegram. 

This troubling data leak raises major concerns regarding the safety of personal information and internet platform operations.

What Information is Revealed?

The Telegram leak did not stem from a new breach; it is a vast collection of already exposed credentials. The data includes email addresses, passwords (often in plain text), and even the URLs of the various internet services those credentials belong to.

The data was most likely taken from thousands of Telegram channels and organised by providers (such as Gmail) or countries. 

This implies that hackers could use this information to access your accounts on several platforms, particularly if you repeat passwords across websites.

Troy Hunt, the security expert who received and investigated the Telegram data leak, contacted some of his current subscribers on HIBP (Have I Been Pwned) to confirm the accuracy of the leaked information. 

One of them said:

“It started about a month ago, a maximum of 6 weeks. I use a Macbook and an iPhone, only a Windows PC at work, maybe it happened there? 

About a week ago there was an extreme spam attack on my Gmail account, and several expensive items were ordered with my accounts in the same period, which fortunately could be cancelled.”

Are You Secure?

This disclosure raises severe concerns about Telegram's security standards, specifically the ease with which sensitive information, such as login credentials, can be transferred within its channels. 

While the data itself is not entirely new, having come from earlier breaches, its compilation and availability on Telegram highlights the potential for attackers to exploit reused credentials across various platforms.

This incident requires both platforms and users to prioritise strong security measures.

What Must be Done to Stay Secure?

If you fear your information may have been compromised in the Telegram data leak, here are some critical steps to take:

Checking Have I Been Pwned (HIBP)

  • Visit https://haveibeenpwned.com/About and provide your email address. 
  • This free service will notify you if your email address appears in any known data breaches, including the latest Telegram hack.

Change Your Passwords

  • If your email address has been flagged, change your passwords on all accounts associated with that address as soon as possible.
  • Do not reuse old passwords, and make strong, unique passwords for each platform. 
  • Consider utilising a password manager to create and store strong passwords.

Activate Two-Factor Authentication

  • Increase your account security by enabling two-factor authentication (2FA) whenever possible. 
  • This provides an additional layer of security by requesting a secondary verification code, such as one delivered to your phone when signing in.

Remain Alert

  • Be careful of unsolicited emails or phone calls claiming to be from trustworthy businesses. 
  • Phishing attempts may use the recent disclosure, so beware of clicking on unexpected links or attachments.

According to Guarnieri and Anderson:

"When users want to login to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers."

Data Safety is a Continuous Process!

While the data may have come from earlier thefts, its compilation on Telegram allows attackers to exploit reused passwords across several platforms. 

To protect yourself, use Have I Been Pwned to discover whether your information has been compromised, change your passwords to unique and strong combinations, enable two-factor authentication, and remain aware of phishing attempts.

Remember! When following basic privacy practices, you must use a trusted privacy management application so that your data is never compromised.