Hackers advertise 44GB Telegram user database on data leak forum

More than 200 million records tied to users of Telegram, one of the world’s largest messaging platforms, have been advertised on a data leak forum, exposing email addresses, phone numbers and other personal details in a dataset totaling 44GB of uncompressed data.

The post, published Jan. 24 on a well-known data leak forum where threat actors trade stolen databases, claims the information was compiled from databases shared in Telegram-based hacking channels. The dataset is divided into at least three databases labeled “Telegram user data,” “Source platform,” and “Telegram.”

A review of a sample attached to the post found that the exposed information includes Telegram usernames, names, email addresses and phone numbers. The dataset appears to contain roughly 66 million phone numbers and user IDs, along with approximately 10 million user records. Analysts also observed around 60 million likely Telegram records within the broader collection.

It remains unclear whether the information stems from a new breach of Telegram’s systems or represents a compilation of previously scraped or stolen data. While some Telegram account details can be publicly visible if users choose to make them available, email addresses are not typically accessible through the platform’s public interface. Phone numbers are also generally restricted unless users adjust their privacy settings.

The dataset’s scale raises concerns about potential misuse, particularly for phishing campaigns. The large volume of phone numbers and contact information could enable attackers to conduct widespread messaging or social engineering attacks targeting Telegram users.

The full extent of the exposure is difficult to determine, as the number of duplicate records within the dataset has not yet been verified. The presence of duplicates could significantly reduce the total number of unique individuals affected.

Separately, NVISO, a Belgium-based cybersecurity consulting firm, warned in December that Telegram has become a hub for threat actors of varying sophistication levels and advised organizations without a clear business need to consider blocking access to Telegram’s API.