Hackers can reach a much wider audience and share information a lot quicker on an app installed on a device or computer.
Throughout our research, we witnessed members of these groups downloading zip files of data dumps and then asking how to open them, or what tools they needed to use them. This shows that even people with incredibly low computer literacy (and probably not on the dark web) are gaining access to incredibly sensitive data belonging to millions of people.
Most likely, they’re also not storing this data in any secure fashion, creating another set of issues and concerns.
Telegram also offers malicious hackers and cybercriminals considerable scope for automating their activities. Telegram bots allow developers to run third-party apps on the platform. Usually, companies use the technology for advertising and marketing campaigns.
These channels are more passive, with minimal conversation happening in them. Some channels have tens of thousands of followers.
Data dumps shared on a hacking channel.
The other method hackers are using is dedicated hacking groups, where hundreds of members actively discuss various aspects of cybercrime and how to exploit the data dumps shared.
Chat in a Telegram hacking group.
Examples of data shared directly in a group.
In general, it appears that most data leaks and hacks are only shared on Telegram after being sold on the dark web – or the hacker failed to find a buyer and decided to share the information publicly and move on.
Some of the data leaks were months old, but many were as recent as a few days.
Hackers have also used Telegram as part of cyber attacks and blackmail schemes.
They’ve grown increasingly bold, and seemingly have no qualms about openly discussing their activities on a semi-public messaging app.
In doing so, they could significantly increase the scope of their own malicious activities and inspire many people to give cybercrime a go, making it look easy and risk-free. This could create a devastating ripple effect across the globe.
Governments and cybersecurity organizations are already struggling to keep up with the growing scale and frequency of cyber attacks, hacking, and online fraud. There are an estimated 3.5 million unfilled cybersecurity jobs in 2021, as employers struggle to meet the demand with adequately trained staff.
If a whole generation of amateur hackers hanging out on Telegram was inspired to pursue cybercrime, the impact could be devastating.
HTTP request in a cache file stored on disk at /private/var/wireless/Library/Caches/com.apple.coretelephony/Cache.db, containing metadata on the request and the response. The phone sent information on the device including the model 9,1 (iPhone 7) and iOS build number 18C66 (version 14.3) to a service fronted by Amazon CloudFront, suggesting NSO Group has switched to using AWS services in recent months. At the time of this attack, the newer iOS version 14.4 had only been released for a couple of weeks.”
The report added that zero-click attacks have been observed since May 2018; the most recent attack was observed exploiting multiple zero-days to attack a fully patched iPhone 12 running iOS 14.6 in July.
Reported Pegasus Victims
The Paris-based Forbidden Stories and Amnesty International were initially given access to the leaked list of 50,000 phone numbers.
At the time, the company was aware of the breach but chose not to report it to users or authorities.
The data of 533 million Facebook users was made available by hackers in April 2021 and made headlines worldwide.
However, before the story went viral, it was also possible to download the data from Telegram.
From: Originally leaked circa April 12th, 2021; appeared on Telegram on 23rd April 2021
Size: 26 GB
A database from an unknown source, with detailed files on up to 250 million US citizens (depending on duplicate entries).
Hackers can use the bots to run their operations while remaining in the shadows and spread their influence more easily across chats and groups.
Finally, Telegram has proven incredibly slow at tackling how much illegal and dangerous activity takes place on the app. Hackers know they can most likely remain anonymous and shielded from surveillance or basic accountability.
What Is Telegram Doing to Combat These Groups?
Telegram has taken limited steps to shut these groups down, but some are operating for months before any action is taken. In that time, they can openly share private data from millions of people.
Some group admins also create a ‘backup’ group, ready to accept new members and pinned to the top of the group. This way, members know to join the ‘backup’ group if the primary one is shut down.
The exposed data included:
- Full contact details (name, address, email, phone, date of birth)
- Political affiliations and donations
- Ailments and illnesses
- Marriage status
- Number of children
- House price
- Location coordinates
The following is a screenshot from a Telegram group in which the data dump was shared as a CSV file for anyone to read.
A hacker shares private data from up to 250 million US citizens
Mega-Dump: “open data.7z”
One of the biggest data breaches we saw in our research was a truly massive dump of data from 670 websites, including a network of porn websites and their affiliates.
The hacker responsible shared over 515MB of data from the company Effex Media.
Telegram is about to launch the long-rumored Telegram Premium subscription as an additional source of revenue. Although the official announcement remains somewhere in the future, a leak has revealed the upcoming premium features and the price tag.
Telegram Beta now has all the details about the premium subscription, although it currently does not allow signing up. Here is what Telegram Premium customers will get for $4.99 per month:
- Double Limits. Up to 1000 channels, 20 chat folders, 10 pins, 4 accounts (in a single app), 200 pins inside a folder, 20 public links for channels and groups, 10 favorite stickers, and 400 GIFs.
- 4GB single-file upload. Telegram currently allows uploading files up to 2GB in size.
- More symbols in the bio.
Appeared on Telegram in January 2021
A hacker released private data and account information from 2.28 million users on the Meet Mindful dating site on the dark web, and it appeared later on Telegram.
The exposed data included:
- Real names
- Email addresses
- City, state, and ZIP details
- Physical attributes
- Dating preferences
- Marital status
- Birth dates
- Latitude and longitude
- IP addresses
- Bcrypt-hashed account passwords
- Facebook user IDs
- Facebook authentication tokens
Facebook Data Dump
From: Originally leaked in 2019, appeared on Telegram in April 2021
Many people are now aware of a massive data breach at Facebook that occurred in 2019.
It countered that the report’s conclusions are based on “uncorroborated theories” that are “based on misleading interpretation of leaked data.”
Amnesty International found in its report that the spyware is under active development, consistently adding zero-day exploits into the mix, including in iPhone attacks observed as recently as this month. Those attacks have been effective against the latest version of iOS, and are “zero-click,” meaning that no user interaction or action is required to deliver an infection, according to the report.
“On the iPhone of a French human rights lawyer (CODE FRHRL2), we observed a lookup of a suspicious iMessage account unknown to the victim, followed by an HTTP request performed by the ‘com.apple.coretelephony’ process,” according to Amnesty International.
The malware can secretly take remote control of the phone to monitor activity, enabling “customers” to even read encrypted messages of their targets sent via Signal and Telegram.
“The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016,” according to the Guardian report.
The Guardian, along with 16 additional media organizations, concluded that the NSO Group’s Pegasus malware is in widespread use and is used to target more than just criminals and terrorists, which the company insists are the primary and only targets of its spyware.
In a statement, the NSO Group denied the claims made in the Guardian report and those made by the Pegasus Project.