Hacker Network Shares Data Leaks On Encrypted Messaging App, Research Shows

Cybercriminals have used the Telegram Messenger app for years as they look to buy, sell and share stolen data. One report suggests that this messaging app has recently become an alternative to the dark web.

An investigation by cyber intelligence group Cyberint and the Financial Times found a growing hacker network that shares data from leaks, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light-touch moderation.

“Its encrypted messaging service is increasingly popular among threat actors conducting fraudulent activity and selling stolen data . . . as it is more convenient to use than the dark web,” said Tal Samra, cyber threat analyst at Cyberint.

The number of mentions in Telegram of “Email:pass” and “Combo” — a way that hackers indicate stolen email and passwords lists are being shared — rose fourfold during the past year to nearly 3,400.

In one public Telegram channel called “combolist” -- which has more than 47,000 subscribers -- hackers sell or circulate large data dumps of hundreds of thousands of leaked usernames and passwords, according to the report.

The increase in criminal activity on the app, per the report, followed a change in the WhatsApp privacy policy in which the information shared among Facebook companies now includes account registration information such as phone numbers; transaction data; service-related information; information on how the user interacts with others, including businesses when using its services; mobile device information, and IP address, and may include other information identified in the Privacy Policy section entitled ‘Information We Collect’ or obtained upon notice to the user or based on their consent.

Telegram launched in 2013, allowing users to broadcast messages through a channel or create public and private groups that others can access. Users can also send and receive large data files, including text and zip files, directly via the app.

The platform claims to have more than 500 million active users, and topped 1 billion downloads in August, according to data from SensorTower.

Combo List Gaming HQ is a post that offered 300,000 emails and passwords that it claimed were useful for hacking video-game platforms such as Minecraft, Origin or Uplay. Another claimed to have 600,000 logins for users of the services of Russian internet group Yandex, and others, for Google and Yahoo.

Telegram removed the channel on Thursday after it was contacted by the Financial Times for comment, according to the report.


Next story loading loading..