In brief

  • Two forked versions of Telegram in Iran were scraped to reveal the data of 42 million Iranian users.
  • The data was leaked online more than a week ago but has since been taken down.
  • It could be used for spreading fake news through the app.

The records of 42 million users from a third-party version of the popular Telegram messaging app have just been leaked.

If these figures don't include duplicate accounts, this means around half of Iran's citizens were affected by the hack, according to population estimates from 2017.

According to a recent report on the situation by Comparitech, the data was initially leaked by an Iranian hacking group, known as 'Hunting system,' on an Elasticsearch cluster—a full-text search engine mostly used by enterprise. The data had no authentication or access controls in place, meaning anybody who knew it was there could have easily accessed it.


The data was removed almost a week ago, but now appears making the rounds on at least one prominent hacking forum, where a user selling the information claims to have found the data while surfing the internet.

Telegram states that the information was scraped from two forked versions of its client: HotGram and Talagram, two of the most popular Telegram alternatives in Iran, since the official app is frequently blocked in the country. Because Telegram is open-source software, this means that its code is freely available to use and modify, thereby allowing anybody to create their own version of the Telegram client.

The data file comprised a list of 42 million records, including the usernames, phone numbers, user account IDs and secret keys for each user. Although the secret keys can't be used to access the affected user's account, the rest of the information could be used for a variety of purposes, potentially including spreading fake news, adding huge numbers of users to groups and spamming.

Although, that’s not the worst thing that Telegram’s used for.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.