Cybersecurity Concerns Rise as Telegram Faces Data Breaches
Telegram, the popular messaging platform, has again found itself at the center of a significant data breach incident. In August, the platform’s founder and CEO, Pavel Durov, was arrested in France amid allegations regarding criminal activities facilitated through the app. Authorities accused him of failing to cooperate with investigations by withholding critical data. In response to these claims, Telegram defended itself, stating that it was "absurd to claim that a platform or its owner are responsible for abuse of that platform."
Following his release on bail, which required a hefty payment of $5.56 million in fines, Durov indicated that Telegram would implement changes aimed at increasing transparency with law enforcement. The adjustments will enable the platform to share user data with authorities upon request, a move intended to mitigate the potential for malicious activities within its ecosystem. Despite these efforts, concerns regarding data privacy on the platform remain prevalent, particularly among its vast user base of over 900 million.
Among the most alarming recent events was a cyber-attack on Star Health Insurance, reported on October 9. The company confirmed that this incident resulted in unauthorized access to sensitive data belonging to approximately 31 million policyholders. Although officially acknowledged in October, reports of the breach had circulated weeks prior. The attackers exploited Telegram chatbots to publicize not only personal information but also around 5.8 million insurance claims, raising serious questions about the platform’s security measures.
While Telegram swiftly deactivated the compromised chatbots, a significant amount of data—ranging from contact details to identification documents—had already been disseminated. The user behind the chatbots, known by the pseudonym "xenZen," appeared to operate with little fear of consequence, even inviting potential buyers to verify the authenticity of the leaked information on a newly launched website. In a preemptive move, Star Health had taken legal action against Telegram, filing a complaint with the Madras High Court prior to the breach’s public disclosure and accusing the platform of allowing the chatbots selling the data to exist.
This incident is not an isolated example of Telegram’s security lapses. In June of the previous year, private health data from Indians registered on the CoWIN platform for Covid vaccinations was publicly exposed through similar Telegram bots. Data leaked in that instance included phone numbers and sensitive identification details of numerous individuals, including prominent political figures. Additionally, in a series of high-profile incidents this year, examination papers from the National Testing Agency were leaked on Telegram just days before scheduled assessments, necessitating significant exam cancellations.
The ongoing pattern of data breaches can be attributed to Telegram’s design, which facilitates global connectivity and allows users to create chatbots that can be misused for sharing compromised information. Additionally, the platform’s reputation for maintaining user anonymity complicates accountability and encourages malicious activities. Historically, Telegram resisted sharing user data with law enforcement as a matter of policy, but a recent pivot indicates a potential shift in this stance as it grapples with increasing scrutiny over its data privacy practices.
From a cybersecurity perspective, the incidents seen on Telegram may involve tactics outlined in the MITRE ATT&CK framework, such as initial access through compromised accounts, exploitation of data sharing methods for persistence, and potential privilege escalation to access sensitive information. Because these incidents highlight the risks posed by a lack of stringent security protocols, business owners and technology professionals must remain vigilant in assessing their cybersecurity posture and consider how to fortify their defenses against similar breaches.