On March 21, 42 million Telegram accounts were discovered in the Elasticsearch open cluster.
The data was merged using unofficial Telegram clients, which were popular in Iran. The data was quickly deleted, but later it was posted on one of the hacker forums.
What data is in open access? Names, phone numbers, IDs, hashes, secret keys.
Information, including usernames, phone numbers, identifiers, and secret keys, could not be used to access user accounts.
Similar cases have already occurred earlier, the previous time the Iranian hacker group merged data of 15 million accounts. This means that Iranian users continue to use unsafe forks such as Hotgram and Talagram. Recall that Telegram was blocked in Iran, and unofficial clients with built-in proxy servers began to appear in Iranian application stores.
A Telegram spokesman said: “We confirm that the data seems to be obtained from third-party forks that collected user contacts. Unfortunately, despite our warnings, Iranians are still using unverified applications. Telegram is open source, and it’s important to use our official applications that support verified builds. ”
In the summer of 2017, researchers from Iran examined Hotgram and Talagram clients in detail and concluded that they were dangerous for users. These clients collect data and send them to their servers.
In December 2017, Telegram sent out a notification to users of Iran’s Hotgram and Talagram customers stating that apps could be dangerous. Later, applications were removed from Google Play and from Iranian marketplaces.
For your safety, use only official clients and two-factor authentication. For greater security, use the QR code input to prevent potential interception of the code in SMS.