Reuters said Iranian hackers breached dozens of accounts and accessed millions of user phone numbers.
Secure messaging app Telegram this week pushed back on reports that Iranian hackers breached dozens of accounts and accessed millions of user phone numbers.
“Keep calm and send Telegrams,” the company titled a Tuesday blog post that suggests a Reuters story about the alleged breach is overblown.
That story said the hack was “the largest known breach of the encrypted communications system.” It pointed to Telegram’s process of activating new devices via SMS text messages. “When users want to log on to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers,” Reuters says, citing cyber researchers.
Telegram, however, says “this is hardly a new threat.” The company has repeatedly advised users to utilize two-step verification to avoid such breaches. “If you do that, there’s nothing an attacker can do,” according to Telegram.
The Reuters report also said hackers “identified the phone numbers of 15 million Iranian users.”
Telegram acknowledges this was possible at one point. “Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts,” it writes. “As a result, only publicly available data was collected and the accounts themselves were not accessed.
Such mass checks are no longer possible since we introduced some limitations into our API this year.”
Anyone who wants to check individual phone numbers can still do so one by one; Telegram was quick to point out that “this is also true for any other contact-based messaging app” like WhatsApp and Facebook Messenger.