The database, which was exposed on a darknet forum, included users’ phone numbers and unique Telegram user IDs, according to the report.
Telegram told Russian tech publication Kod.ru, which originally reported the information on Tuesday (June 23), that the information was exposed through the app’s built-in contact export feature while a user was registering. Telegram reportedly said much of the leaked data ended up being outdated, with 84 percent of it being collected before mid-2019 and around 60 percent of it being inaccurate.
The company said 70 percent of the leaked accounts had been based in Iran, while the remaining 30 percent were from Russia, Cointelegraph reported.
“Like other phone-based messengers (Facebook Messenger, WhatsApp, Viber), Telegram allows you to see which of your contacts are also using the app,” a Telegram spokesperson told Cointelegraph. “Unfortunately, any contacts-based app faces the challenge of malicious users trying to upload many phone numbers and build databases that match them with user IDs — like this one.”
Telegram has reported previous data breaches, including one in August 2019 in which Hong Kong activists reported breaches to their phone activity that allowed law enforcement to track them. The company introduced new measures for privacy in response, letting users hide their phone number from everyone.
Russian authorities also recently lifted a two-year ban on Telegram in their country.
Data breaches have not slowed during the pandemic. Twitter apologized to business clients after a recent breach potentially left some phone numbers, email addresses and partial credit card numbers exposed. The company said there was no way to tell exactly how many had been affected, but it seemed billing data had not been compromised.
PYMNTS reported that around one in 10 U.K. businesses can bounce back after fraud cases, which they consider simply part of the risk when running a business.