More than 15 million users of the instant messaging application Telegram had their data exposed by a hacker group called Rocket Kitten in Iran. According to the experts consulted by the news agency Reuters, the criminals have taken advantage of an authentication failure in the app.
Hackers Attacks 15 Million Telegram Accounts
Hackers have compromised more than a dozen accounts and exposed 15 million users phone numbers from instant messaging app Telegram in Iran. This incident is named among the biggest cyber-attacks on the encrypted communication system, sources claims.
According to the security experts Collin Anderson and Claudio Guarnieri, earlier this year a cyber attack took place and the data of which have been published only a few days ago, jeopardizes activist, journalists, public figures and politicians involved in the reformist movements and opposition groups in Iran, where the messenger used by more than 20 million citizens.
The researchers believe that the main vulnerability was found in Telegram app, which could cause a leak, every time a new user creates their registration in the Telegram, the application sends a code by SMS to confirm your phone number. While the entire contents of the messages sent by the app is encrypted. Hence, attackers in conjunction with mobile operators could intercept SMS-messages, which making it vulnerable to hackers, experts say.
The security researchers stated that “Authorization through an SMS-message makes Telegram vulnerable in any country, where mobile operators are private companies or entities under a strong pressure from the government”.
What the hackers did is actually they intercept the SMS sent by the instant messaging app Telegram to new users and thus were able to log into their accounts on any device. From there, the hackers expanded their range to reach more than 15 million victims just only in Iran, as far as is known.
According to the experts, Rocket Kitten is known for targeting individuals, businesses and government organizations across the Middle East countries. However, the researchers yet not assert that sponsored hackers Rocket Kitten has done.
In a statement, representatives of the Telegram said that it was available only to public information, 15 million accounts were compromised. Such a massive testing have become impossible since Telegram imposed some restrictions in the API.