Cybercriminals have used the Telegram Messenger app for years as they look to buy, sell and share stolen data. One report suggests that this messaging app has recently become an alternative to the dark web.
An investigation by cyber intelligence group Cyberint and the Financial Times found a growing hacker network that shares data from leaks, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light-touch moderation.
“Its encrypted messaging service is increasingly popular among threat actors conducting fraudulent activity and selling stolen data . . . as it is more convenient to use than the dark web,” said Tal Samra, cyber threat analyst at Cyberint.
The number of mentions in Telegram of “Email:pass” and “Combo” — a way that hackers indicate stolen email and passwords lists are being shared — rose fourfold during the past year to nearly 3,400.
In one public Telegram channel called “combolist” -- which has more than 47,000 subscribers -- hackers sell or circulate large data dumps of hundreds of thousands of leaked usernames and passwords, according to the report.
Telegram launched in 2013, allowing users to broadcast messages through a channel or create public and private groups that others can access. Users can also send and receive large data files, including text and zip files, directly via the app.
The platform claims to have more than 500 million active users, and topped 1 billion downloads in August, according to data from SensorTower.
Combo List Gaming HQ is a post that offered 300,000 emails and passwords that it claimed were useful for hacking video-game platforms such as Minecraft, Origin or Uplay. Another claimed to have 600,000 logins for users of the services of Russian internet group Yandex, and others, for Google and Yahoo.
Telegram removed the channel on Thursday after it was contacted by the Financial Times for comment, according to the report.