While Telegram isn't giving up its ongoing legal battle with Us regulators to launch its TON blockchain project, some online perpetrators are taking advantage of the messenger's popularity to expose millions of user records of third-party versions of Telegram app.

Per an investigation past cybersecurity firm Comparitech and security researcher Bob Diachenko, at least 42 million Iranian "Telegram" usernames and telephone numbers were leaked via unofficial Iranian-made versions of Telegram, while existent Telegram is banned in the country.

42 million Iranians that are willing to use the banned messenger got their data exposed

Co-ordinate to a March 30 report compiled by Comparitech, those records were publicly exposed online on the web without whatsoever authentication required to access it. The information was reportedly exposed on distributed search engine Elasticsearch for about eleven days until information technology was removed afterwards Diachenko filed an abuse written report.

Diachenko elaborated to Cointelegraph that the number of leaked records purportedly corresponds to the number of "Telegram" users affected. He said:

"42 meg is the number of the records in the database which, we assume, are unique and stand for to the afflicted persons number."

The reported data breach definitely poses significant risks similar SIM swapping and phishing attacks as well equally other scams using the phone numbers in the database. Moreover, the leakage reveals data of every bit many as 42 million Iranian people who were trying to even so utilise Telegram despite the application being banned in the country since 2022.

Telegram blames Iranian people for using unofficial Telegram apps despite multiple warnings

The exposure wouldn't take been possible without people using unofficial versions Telegram messenger, a Telegram spokesperson reportedly told Comparitech. Telegram emphasized that the leaked data came from unofficial Telegram applications or so-called "forks" of Telegram that are non affiliated with the official company. This became possible considering Telegram is an open-source application that allows third parties to create their own versions of it.

Telegram reportedly said:

"We can ostend that the data seems to accept originated from third-political party forks extracting user contacts. Unfortunately, despite our warnings, people in Islamic republic of iran are yet using unverified apps. Telegram apps are open source, so information technology'due south important to use our official apps that back up verifiable builds."

As reported by local publications, Iranians created a number of "fork" Telegram apps similar Telegram Talaeii and Hotgram in response to the messenger's ban in the state. Co-ordinate to estimations, Talaeii and Hotgram clustered well-nigh 30 million users as of December 2022. According to BBC, real Telegram messenger was estimated to have virtually 50 one thousand thousand users in Islamic republic of iran equally of 2022 earlier it was banned in the land.

While the latest information breach doesn't involve the official Telegram company directly, the actual messenger suffered a major hack in Islamic republic of iran back in 2022. According to reports, Iranian hackers were able to compromise more than a dozen accounts to identify phone numbers of 15 million Telegram users in Iran despite the messenger's focus on user privacy and security.

In mid-March 2022, Cointelegraph reported on Chinese social media giant Weibo experiencing a massive data alienation that reportedly led to 172 one thousand thousand users having their account information leaked.