Telegram has finally responded to several reports of its Telegram Messenger being part of a massive data breach that has been pin pointed to originate in Iran.
The company has assured the public that the hack was not as severe as everyone thinks. Telegram said that the data stolen was already publicly available and that there were no sensitive information siphoned off from their servers by the hackers.
Researchers who discovered the attack claimed that the hackers in Iran was able to hack into several dozens of Telegram accounts which led to them identifying over 15 million phone numbers of the users in their country, Venture Beat has learned. Hacking group Rocket Kitten is being claimed as the perpetuators of the attack.
Telegram said that the individual accounts of their users were not in any way accessed by the Iranian hackers. The company added that the accounts are secured as mass checks are nearly impossible to do because of their new API limitations that they have introduced in 2016 to prevent such attacks from happening in the first place.
What the hackers did was just to check if a phone number was present in Telegram which is something that is already doable on Facebook Messenger, Whatsapp and Viber. In itself, the check was not really all that harmful.
Telegram said that the massive hack only affects the 15 million out of the 20 million users in Iran and that it is small compared to their total 100 million users worldwide, WIRED reported. The accounts that were targeted for the hack were human rights activists who were probably against what the hackers were promoting in the country.
Two-factor authentication has been thought to be one of the safest ways to secure an account. However, the recent Iran hacking event with Telegram shows that it can still be circumvented and penetrated.
Nevertheless, Telegram still insists that their messaging app is still secure and that the Iran hacking was an isolated case. Users outside of Iran were not affected by the hack and the 15 million people that were are not really at risk of having their private information and passwords stolen.