Security

Hackers Break Into Telegram, Revealing 15 Million Users' Phone Numbers (venturebeat.com)

A vulnerability in Telegram has exposed the data of millions of people in Iran. Hackers in the country have compromised dozens of accounts by an SMS redirection hack, and also identified phone numbers of 15 million users, according to a report on Reuters. From the report: The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years. As for the attack, hackers aren't targeting the encryption that protects messages between accounts, but how a phone number is tied to an account. When a user adds a new device to their Telegram account, the new device is confirmed through a one-time SMS message. Hackers are intercepting that SMS and cloning the data to a compromised device.

Update: Telegram reached out to Slashdot on Twitter with a link to a blog post that included:
Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed. Such mass checks are no longer possible since we introduced some limitations into our API this year. However, since Telegram is based on phone contacts, any party can potentially check whether a phone number is registered in the system. This is also true for any other contact-based messaging app (WhatsApp, Messenger, etc.). Read the rest of Telegram's official statement, including SMS codes allegedly being intercepted, here.

  • by Anonymous Coward

    Editors need more coffee, as evidenced by this mistake.

    On the other hand, if a vulnerability in Instagram resulted in a Telegram break-in, then I really should destroy my Instagram account right now.

  • by Mondor ( 704672 ) on Tuesday August 02, 2016 @04:05PM (#52631157)

    It's about Telegram, not Instagram. And all 15 million users were from Iran. Hence the problem was in the SMS provider in Iran, not just in Telegram. Could be even the government. That is - IF such a hack indeed happened. NSA hates Telegram, so I wouldn't be surprised if it's early April fools.

    • by Mondor ( 704672 )

      Oh, and before we go any further, here is the official reply from Telegram:

      "Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed. Such mass checks are no longer possible since we introduced some limitations into our API this year.

      However, since Telegram is based on phone contacts, any party can potentially check whether a phon

  • Handing out your phone number for an IM service is just asking for shit like this to happen. Telegram exposed themselves to this kind of attack due to their sheer arrogance in thinking the cellular system was secure by any means.

    Smart in using encryption, stupid in explicitly trusting a network.

    • I remember when my phone number was listed in a public directory known as a "Telephone Book". Anyone with access to a "Pay Phone" could read this "Telephone Book" and determine my phone number and home address. (the reverse of looking up my name and address using my phone number was harder as the book was physically printed on trees and could not be re-indexed or accessed electronically by the average person)

  • Suggesting that 2fa would have helped here is not helpful. This happened because an Iranian phone company was hacked; using 2fa via SMS is not going to achieve anything when the phone company is not trustable.
