Recently, 42 million records from a third-party version of the well-known instant messaging app Telegram used in Iran have flashed on the web outwardly.
The data was revealed by a group called “Hunting system” on an Elasticsearch cluster that claimed no password nor any other authentication needed to access. It was dismissed after Diachenko described the incident to the hosting provider on March 25.
As per the blog post by researchers, the database was formerly uploaded by a group of Iranian hackers stopping by the online name of “Samana Shikar,” indicating “Hunting system” in English. Initially, it was discovered that the data was abandoned by Telegram since it listed user account IDs, usernames, hashes, secret keys, and phone numbers. But, now HackRead.com has determined that the data was dismissed from HotGram and Telegram, two Telegram choices used in Iran.
Well, Telegram states that the data came from an unauthorized “fork” of Telegram, a variant of the app unaffiliated by the company. Well, Telegram is an open-source app, enabling third parties to create their own versions of it. Because the official Telegram app is usually blocked in Iran, several users gather to unauthorized versions.
The spokesperson of Telegram told “We can verify that the data appears to have started from third-party forks extorting user contacts. Unluckily, despite our information, people in Iran are yet accepting unproven apps. Telegram apps are free to source, so it’s essential to use our reliable apps that promote verifiable builds.”
The conflict followed a related one in 2016 when Reuters announced 15 million Telegram user IDs, phone numbers, and one-time verification codes were recognized by Iranian hackers, appearing in more than a dozen imperiled accounts.
Timeline of The Exposure
The data was detected for about 11 days before it was removed, and here are the details we have mentioned below:-
- March 15: The database was recorded by the search engine BinaryEdge.
- March 21: Diachenko found the displayed data and started investigating.
- March 24: Diachenko gave a violation report to the hosting provider.
- March 25: The Elasticsearch cluster was eliminated.
Therefore, it looks like other unofficial parties were able to access the data while it was displayed, and according to the reports, at least one user had revealed the data to a hacker forum.
What Data Was Exposed?
Well, the database comprised more than 42 million records containing user data starting from Iran.
- Phone number
- User account IDs
- Hashes and secret keys
Well, the hashes and secret keys from the database can’t be utilized to access accounts. They only operate from inside the statement to which they relate, according to a spokesperson from Telegram.
However, Iranians are not unusual to such data breaches. Thus, in April last year, a regional ride-hailing app in the country drooled delicate data of 1 to 2 million truckers in plain-text form. The misconfigured database was treated on a MongoDB server.
However, after all these conflicts, Iranian authorities ordered telecoms to momentarily block access to Telegram on various occasions within 2015 and 2017. Hence, it was blocked forever in early 2018 following nationwide anti-government objections and civil unrest. Despite that, Telegram stays the most popular messaging app in the country, as several users access it by proxies and VPNs.
So, what do you think about this? Simply share all your views and thoughts in the comment section below.