User data leak

Recently it became known that the database with the merged data of Telegram accounts leaked to the Internet.

How could this happen

In April of this year there was a similar incident. Data from 42 million Iranian users of alternative Telegram clients appeared on the network. Interestingly, in the recently found database, most of the information also belongs to users from Iran.

At the end of 2019, Izvestia’s interlocutors reported that the Interior Ministry and the FSB used dozens of bots to search for criminals or suspects.

What is important to know

In Telegram, as in other instant messengers, it is possible to find accounts by phone number.

When synchronizing on the server, your notebook is synchronized. Even unregistered numbers from your notebook show the number of people in the notebook. This indicator is equal to the number of people who have this person in contacts.

Despite the fact that the database has appeared now, it mainly contains old data. They could get into the base not this year and not even in the past by the usual brute force method. However, this opportunity is limited by limits to prevent brute force (unlike many other instant messengers and social networks).

Who is in the database

The database includes data not only from Iranian, but also from parts of Russian users. You can check the base for finding yourself in it using our bot.

How to protect yourself

Even if you found yourself in the database (or did not find, but are afraid that you might be merged in the future), you can protect yourself and your account with the privacy setting that Telegram introduced in August 2019.

In the privacy settings go to the item “Who sees my phone number” and select “Nobody”, the setting “who can find me by phone number” will appear at the bottom, in this item you can select “Contacts”.

In this case, if they try to find you through this database, Telegram will answer that there is simply no account for this number.

It is important to note that in this case no one will be able to find you, even those who want to write to you, for example, by work (if this person is not recorded in your contacts).

Telegram Comment

The Telegram press service confirmed to KOD.RU the fact of the existence of the base, while noting that such information is collected through the built-in contact import feature during registration:
Such databases usually contain the correspondence “phone number – user identifier in Telegram”. They are collected through abuse of the built-in contact import feature during user registration. Unfortunately, not a single service that allows users to communicate with contacts from their phone book can completely eliminate this sorting.

At the same time, an analysis of the data in these databases shows that additional measures taken by us at the end of the summer of 2019 in response to reports about the enumeration of numbers of Hong Kong users were effective. More than 84% of the data was collected before the middle of 2019. Most of the accounts in this database – at least 60% – contain already irrelevant data. This may indicate that last year we were able to significantly reduce the scale and speed of this type of abuse.

In addition, after messages from Hong Kong, we added the setting “Who can add me to contacts by phone number.” This setting, although it makes it difficult for ordinary users to use Telegram (they become “invisible” even for those who know their number), allows dissidents and protest activists to completely hide the connection between their account and phone number.

Subscribe to our channels in Telegram to always be aware of the latest Telegram and TON news.