In a huge security breach, a database of personal information, including login passwords for over 361 million accounts, was discovered circulating on Telegram.
This troubling data leak raises major concerns regarding the safety of personal information and internet platform operations.
?#DataLeak ?
— HackManac (@H4ckManac) June 4, 2024
Massive data leak: 361 million unique email addresses and passwords on Telegram channels.
"1.7k files with 2B lines and 361M unique email addresses of which 151M had never been seen in HIBP before" Troy Hunt writes.https://t.co/EMnrxqVZel#Telegram #DataBreach pic.twitter.com/DwKB5TEOSP
The Telegram information hack did not result in new breaches but rather a vast collection of already exposed passwords. This data includes email addresses, passwords (often in plain text), and even URLs holding those credentials for various internet services.
The data was most likely taken from thousands of Telegram channels and organised by providers (such as Gmail) or countries.
This implies that hackers could use this information to access your accounts on several platforms, particularly if you repeat passwords across websites.
Troy Hunt, the security expert who received and investigated the Telegram data leak, contacted some of his current subscribers on HIBP (Have I Been Pwned) to confirm the accuracy of the leaked information.
“It started about a month ago, a maximum of 6 weeks. I use a Macbook and an iPhone, only a Windows PC at work, maybe it happened there?
About a week ago there was an extreme spam attack on my Gmail account, and several expensive items were ordered with my accounts in the same period, which fortunately could be cancelled.”
This disclosure raises severe concerns about Telegram's security standards, specifically the ease with which sensitive information, such as login credentials, can be transferred within its channels.
While the data itself is not entirely new, having come from earlier breaches, its compilation and availability on Telegram highlights the possibility for attackers to exploit reused credentials across various platforms.
This incident requires platforms and you to prioritise strong security measures.
ShinyHunters, the group (person?) responsible for administrating Breached has disappeared. Breached is offline on both clearnet and Tor
— vx-underground (@vxunderground) June 10, 2024
Additionally, Shiny's Telegram and Telegram Channel have been deleted
People are speculating they've been arrested
¯\_(ツ)_/¯
If you fear your information may have been compromised in the Telegram data leak, here are some critical steps to take:
According to Guarnieri and Anderson:
"When users want to login to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers."
While the data may have come from earlier thefts, its compilation on Telegram allows attackers to exploit reused passwords across several platforms.
To protect yourself, use Have I Been Pwned to discover whether your information has been compromised, change your passwords to unique and strong combinations, enable two-factor authentication, and remain aware of phishing attempts.
Remember! When practising basic privacy practices, you must use a trusted privacy management application so that your data is never compromised.