I’ve just found a very disturbing advertisement on a dark-web marketplace, where an unknown entity offers access to any telegram user data for the low price of $20,000. They have also said that they have not hacked telegram in any way; instead, they are working with employees within the company to get data on any user. They can give any user chat logs for the past six months. If they are working with insiders, this is serious.
The advert reads:
“Accessing telegram servers. I have access to the Telegram servers through my employees. I can get any information for you!
Do not write if you are financially unable to pay!
Hacking telegram is not possible! All information is taken from servers!
Timing 2-4 days!”
Telegram is one of the most popular instant messaging apps in the world. They have over 700 million monthly active users and is one of the ten most downloaded apps in the world. Telegram is also supposed to be one of the most secure apps in the world, with world-beating encryption, which is why it’s the choice of many.
This is very concerning if this advert is correct and the vendor has access to telegram employees who can exfiltrate user information, including chat logs for any user for the past six months.
This goes back to what I keep saying about not trusting any technology. If you have something very important to say and you don’t want anybody to be able to listen, do not use an application, No matter how secure it claims to be.
We contacted the person who posted the ad, posing as a government buyer and requested more information. We have also contacted telegram to ask them to explain how insiders can access encrypted information. I will keep you posted when we know more.
All the best,
Incognito Privacy Care Team