Some media reported on a “massive hacker attack” on Telegram in Iran.
Here's what really happened:
Telegram accounts
Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed. Such mass checks are no longer possible because of limitations introduced into our API earlier in 2016.
However, since Telegram is based on phone contacts, any party can potentially check whether a phone number is registered in the system. This is also true for any other contact-based messaging app (WhatsApp, Messenger, etc.).
SMS codes
The media also reported on several accounts which were accessed earlier this year by intercepting SMS-verification codes – this is hardly a new threat as we've been increasingly warning our users in certain countries about it. Last year we introduced 2-Step Verification specifically to defend users in such situations.
If you have reasons to think that your mobile carrier is intercepting your SMS codes, use 2-Step Verification to protect your account with a password. If you do that, there's nothing an attacker can do.
See also:
- Security tips
- 2-Step Verification
August 2, 2016
Ten articles before and after
Trending Stickers, Storage and More
Photo Editor 2.0, Masks and Homemade GIFs
First BotPrize Winners Get $200,000
Pinned Chats and IFTTT Integrations
Drafts, Picture-in-Picture, and More
Edit Messages, New Mentions and More
Instant Camera and More 3D Touch