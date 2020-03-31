Infosecurity Group Websites
Latest
News

Privacy Snafu Exposes 42 Million ‘Telegram’ Records

Security researchers have discovered tens of millions of accounts from a third-party version of Telegram that were leaked online in another cloud misconfiguration.

Bob Diachenko and the Comparitech team found the exposed data on March 21. It had been posted to an Elasticsearch cluster, password-free, by a group called “Hunting system” in Farsi.

Although the cluster was deleted on March 25, a day after Diachenko informed the hosting provider, at least one user had apparently already posted it to a hacking forum.

That’s bad news, because the trove contained 42 million records from a third-party version of popular messaging app Telegram. They included user account IDs, phone numbers, names, and hashes and secret keys.

As Telegram has been banned in Iran since anti-government protests in 2018, the database could put users at risk of being singled out by the authorities as having something to hide.

Although the hashes and keys can’t be used to access accounts, third-party hackers could use the other information in financially motivated attacks, warned Comparitech.

“SIM swap attacks are one example. A SIM swap attack occurs when the attacker convinces a phone carrier to move a phone number to a new SIM card, allowing them to send and receive the victim’s SMS messages and phone calls. The attacker could then receive their one-time access verification codes, granting full access to app accounts and messages,” explained privacy advocate, Paul Bischoff.

“Affected users could also be at risk of targeted phishing or scams using the phone numbers in the database.”

This isn’t the first such privacy incident involving messaging users in the country. In 2016, hackers identified the user IDs, phone numbers and one-time verification codes of 15 million Telegram users after activation codes were likely intercepted by phone carriers.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

UK Government Uses Zoom Despite MoD Security Concerns

2
News

New Marriott Data Breach Affects 5.2 Million Guests

3
News

Maze Authors Claim to Have Hit Insurer Chubb

4
News

#COVID19 Drives Phishing Emails Up 667% in Under a Month

5
News

Virgin Media Facing Huge Compensation Bill Over Data Breach

6
News

#COVID19 Phishing Scam Tricks People With ‘You Might Be Infected’ Warning

1
News

OIG Lacks Confidence in FBI's Adherence to Woods Procedures

2
News

New Marriott Data Breach Affects 5.2 Million Guests

3
News

#WorldBackupDay: Only 58% of Brits Back Up Their Data

4
News

Sensitive Voter Data Exposed by App Used in US Elections

5
News

NATO Report Warns of New Authoritarian Chinese Splinternet

6
News

Privacy Snafu Exposes 42 Million ‘Telegram’ Records

1
Webinar

Using SIEM to Protect Against Top Cybersecurity Threats

2
Webinar

The Impact of #COVID19 on the Infosec Industry

3
Webinar

Gain Control and Security of Your File Collaboration

4
Webinar

Zero Trust: A Cybersecurity Essential and the Key to Success

5
Webinar

2FA or MFA: Which Authentication is Right for Your Business?

6
Webinar

Make Your Own Security Superstars: Scale and Upskill Your Security Team

1
News Feature

Infosec Industry Shows Compassionate Side Amid #COVID19 Pandemic

2
Interview

Interview: Doug Dooley, COO, Data Theorem

3
Blog

Best Practices in Designing a Data Decommissioning Policy

4
News Feature

The Unique Dangers Posed by #COVID19 Phishing Scams

5
Opinion

Respecting Data Privacy Rights Through Data Encryption

6
Interview

Interview: Len Shneyder, Co-Chair, Election Security Working Group, M3AAWG