In the darknet, they found a database with phone numbers and identification data of millions of Telegram accounts. It is reported by the "Code of Durov."
The database is real – the editors found several of their employees' nicknames. And the numbers were available even if the account holder hid it.
The publication contacted the Telegram press service. It turned out that the developers are aware of the existence of this database:
Such databases usually contain the correspondence "phone number – user identifier in Telegram". They are collected through abuse of the built-in contact import feature during user registration. Unfortunately, not a single service that allows users to communicate with contacts from their phone book can completely eliminate this sorting.
The exact number of accounts affected by the leak cannot be called, but the database itself weighs 900 MB.
According to Telegram, the database is already outdated – more than 60% of the records contain irrelevant information, and more than 84% of the data was collected before mid-2019. It was then that the messenger developers changed the privacy settings – now any user can choose to display the phone:
Those who chose “All” or “My Contacts” are at risk – it’s easier to find a user by search, but there will be no privacy. It is these accounts that ended up in the database.
In mid-2019, after complaints from Hong Kong users, they entered the item “Nobody”:
In addition, after messages from Hong Kong, we added the setting "Who can add me to contacts by phone number." This setting, although it makes it very difficult for ordinary users to use Telegram (they become “invisible” even for those who know their number), allows dissidents and protest activists to completely hide the connection between their account and phone number.
Just in case, we recommend that you change the privacy settings for displaying the phone number in Telegram. To do this, go to the messenger settings, select "Privacy" → "Phone Number".
The messenger’s leadership said that mainly the data from the residents of the two countries leaked: almost 70% of the records were user accounts from Iran, 30% from Russia.
. (tagsToTranslate) news
Chief editor of the blog – Erika J. Wells .