Be careful, more than 360 million hacked identifiers have been published on Telegram! These are very popular platform accounts. Check quickly if you are affected by this huge leak of personal data!
Cyberattacks are definitely on the rise at the moment, regardless of the country! This time, anonymous cybersecurity researchers communicated to Bleeping Computer a large-scale leak concerning hundreds of millions of hacked personal accounts, from the main platforms and social networks such as Facebook, X.com, Instagram and Tinder. Indeed, they discovered no less than 361 million unique hacked identifiers (usernames, email addresses and passwords in plain text) on Telegram channels, a platform particularly popular with hackers for exchanging illegal information. A real gold mine for cybercriminals!
All these new hacked email addresses have been added to Have I Been Pwned? (HIBP), the free online service that allows users to check whether their account credentials and other data have been compromised in one or more data breaches. According to Troy Hunt, the creator of the service, 151 million of them had never been listed in the database. Are you affected?
Hacking on Telegram: are you affected?
The massive cache of compromised credentials, which contained more than 1,700 files from thousands of Telegram channels, was passed to Troy Hunt. Some files contained email address/password combinations, while others listed URLs containing credentials, usually in the form: online service domain/login, checkout, confirm, reset-password:address electronic:password.
With such a large data set, it’s impossible to verify that all leaked credentials are legitimate, much less whether your personal data is part of this massive leak. We can only advise you to check if this is the case using Have I Been Pwned, the tool created by Troy Hunt. In just a few clicks, you can check if your email addresses or phone numbers are among the 361 million unique identifiers hacked.
If your information ever appears in the database, immediately change your password as well as those of your other accounts which are identical – remember, you absolutely must have a strong and unique password for each of your accounts! If you haven’t already, enable two-factor authentication. Remember to terminate existing sessions in order to exclude possible unauthorized users. And, as usual, stay vigilant against possible phishing attempts! If you ever receive an email or SMS that you find suspicious, do not hesitate to use verification tools like Scamio, a free chatbot capable of analyzing communications received and detecting fraud attempts, or Orange Cybersecure, a participatory portal which allows any Internet user to check if a link is malicious (see our article).