Telegram has become a hub for hackers looking to sell stolen data and share hacking tools, shows an investigation by the Financial Times and Cyberint. The Telegram channels hosting this activity often have tens of thousands of subscribers.
Telegram was launched in 2013. It allows users to broadcast messages to followers via “channels” or create easy-to-access groups. Unlike competitors, the software lets people share large text and zip files with each other. This makes it easy to info dump bulk data or sell data “wholesale.”
Byte Black Market
Hackers commonly sell email and password combos on Telegram. These are sets of log-in credentials that users can buy to co-opt accounts for services like Minecraft game servers and Netflix.
These lists of credentials often come from big data breaches. Sometimes the files contain thousands of combos, which buyers then break up and sell on for profit.
The hackers selling info go so far as to make adverts and offer discounts with promo codes. More concerningly, credit card details and personal information like passports are also up for grabs. With these, ID theft is as simple as paying a small fee.
The prevalence of stolen credentials shows the importance of using tools like password managers in conjunction with strong multi-factor authentication.
Telegram founder Pavel Durov said the company is planning to sell advert space in the app channels. In order to do so, the software would have to “clean house.” Telegram began shutting down channels linked to white supremacy and the Capitol unrest in January.
The company announced in a statement that it has a moderation “policy for removing personal data shared without consent.” It went on to explain that it has a team of experts removing thousands of communities that violate terms of service a day.
It then seems that this informal black market is on borrowed time. With the increasing focus on privacy and data protection, Telegram will likely continue to tighten safety to avoid regulation and outside intervention.