Just recently, at one of the forums on the darknet, a database of several million users was posted holding the data of telegram users. When the database was checked through, they found millions of telephone numbers labeled by their nicknames in telegram.
The incident was first reported by Kod.ru, a Russian based publication on June 23. The size of the file was about 900 megabytes so it is hard to know how much of data the database contains in itself.
When the Russian publication kod.ru contacted the telegram press services, they said that the data was collected through import feature during registration.
According to the statement issued by the press service of the telegram, they said that at least 60% of data in the leaked database is irrelevant or is no longer existed on telegram. At the same time back in 2019 precaution measures were taken to not shine personal numbers on profile. They said that they have significantly reduced this type of abuse at the big scale level. As per the statement:
Such databases usually contain the correspondence “phone number – user identifier in Telegram”. They are collected through abuse of the built-in contact import feature during user registration. Unfortunately, not a single service that allows users to communicate with contacts from their phone book can completely eliminate this sorting.
Most of the telegram data was inefficient
Speaking of the data. When it was analyzed, it has come into the point that most of the data that was leaked on darknet was largely redundant. The data was taken before the mid-2019 just before the telegram upgraded their security. Upon founded, 30% of the account’s data was from Russian based account, and the remaining 70% data was from Iran based accounts.
This is not happened for the first time, as back in August 2019 several mobile numbers were leaked of telegram users. This breach was resulted to ban telegram for two years in Russia. In response to this telegram updated their security protocols where they added some new features to help the user protect their personal information. As pun intended:
If you set Who Can See My Phone Number to ‘Nobody’, a new option will appear below, allowing you to control your visibility for those who already have it. Setting Who Can Find Me By My Number to ‘My Contacts’ will ensure that random users who add your number as a contact are unable to match your profile to that number.