A recent investigation by cyberintelligence group Cyberint discovered a network of hackers that publicly shared the personal data of millions of people in groups and channels on Telegram with thousands of members.
Telegram launched in 2013, allowing users to send messages through “channels” or create public and private groups. Users can also send and receive large data files directly through the app, including text files and attachments. According to data from SensorTower, the platform now has over 500 million active users and topped August with 1 billion downloads.
It is known that Telegram also has a similar function to the dark web, including hidden websites, accessible by anonymous software, so it is often used by hackers. “We recently saw an increase in cybercrime of more than 100% on Telegram,” said Tal Samra, cyber threat analyst at Cyberint. The app’s encrypted messaging service is increasingly convenient for those who threaten to commit fraud and sell stolen data, even more so than the dark web.”
According to Cyberint, the number of Telegram mentions of “Email: pass” and “Combo” has quadrupled over the past year, to nearly 3,400. Reportedly, this is how hackers use when sharing stolen email and password lists.
For example, in a public Telegram channel called “combolist” with more than 47,000 subscribers, hackers sold or made public a massive data warehouse of hundreds of thousands of leaked usernames and passwords. Besides, a post titled “Combo List Gaming HQ” provided 300,000 emails and passwords that are useful in hacking video game platforms like Minecraft, Origin or Uplay.
Telegram deleted this channel shortly after receiving the feedback. However, email password leaks represent only a small part of the disturbing activity on the Telegram marketplace. Other types of data transacted include financial data such as credit card information, passport copies, and login information for bank accounts and websites like Netflix. Not only that, Cyberint said online criminals also share malware and hacking instructions through the app.
Meanwhile, dark web forums have shared more than 1 million links to Telegram groups by 2021. This shows that hackers are increasingly directing users to the platform for the sake of ease of use. more usable. Most users who click on links to access these groups are generally less tech-savvy than any dark web user.
Samra said cybercriminals’ transition from the dark web to Telegram is happening in part because of the anonymity provided by encryption, although many of these groups are also public. Telegram is also more accessible, easier to use, and generally less likely to be tracked by authorities than dark web forums.
Telegram has long implemented more lax content moderation than major social media apps like Facebook and Twitter, allowing hate groups and conspiracy theories to flourish.
The fact that the app’s cybercriminal underworld is eyeing the app could increase pressure on the Dubai-based platform, requiring increased content moderation if regulators plan to release it to the public. in the future and want to advertise their services.
Cyberint’s research, particularly the discovery of public groups looking for cybercriminals, has raised further questions about Telegram’s content moderation policies at a time when the company is preparing to sell ads. on public Telegram channels.
At the same time, this is also the time when the company prepares to enter the public market after raising more than $ 1 billion through a bond sale in March to other investors.
In response, Telegram said in a statement that it “has a policy of deleting personal data shared without consent”. They also added that Telegram’s “growing force of professional censors” daily deletes more than 10,000 public groups for terms of service violations after users report them.