It appears that the Middle East has become one of the major regions affected by data breaches. Another incident has recently gained attention, in which the data of 42 million Iranian citizens using Telegram is claimed to have been leaked.
In a security research assignment taken up by Comparitech along with the popular researcher Bob Diachenko, it was found that 42 million Iranian Telegram user IDs and phone numbers were leaked online. An important finding was that all of these accounts were from Iran. Amidst the ongoing Covid-19 crisis, when digital media is supposed to be the best possible medium of communication, this certainly caused grave concern, as Telegram is one of the most popular apps in Iran.
As per the research findings, there are more than 50 million registered users of Telegram in Iran, of which 42 million seem to have been victims of this data breach. It is also a grave concern for the Iranians whose data has been leaked online, as Telegram is an important app used by Iranian dissidents and government opponents because it was immune from eavesdropping.
As the app was popular among Iranian government dissidents, the government took strict action against its usage and banned it in 2018, following the anti-government protests and civil unrest it caused. However, this gave users more conviction in its security features, and they continued to use the app through third-party proxies and VPNs. This apparently became the path which the hackers may have exploited to gain access to the users' personal information.
As per Telegram, the data must have been collected by third parties exploiting the unofficial “fork” that allows third parties to develop their own versions.
The leaked data was published by an entity with the name “Hunting system” (translated from Farsi) on an unsecured Elasticsearch cluster. As per the findings, the archive of the data was shut down after Diachenko reported it to the hosting provider on March 25th. The leaked data included user data originating from Iran, such as user account IDs, usernames, phone numbers, hashes, and secret keys. This is serious because these individuals are now vulnerable to Iranian government surveillance.
Telegram’s spokesperson confirmed “that the data seems to have originated from third-party forks extracting user contacts. Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds.”
The only relief for these users, as per the security researchers, is that the hashes and secret keys can’t be used to access accounts. But such increasing data breaches through third-party apps do hurt the credibility of apps like Telegram, which are built for secure communications.