Cybercriminals are using Telegram to share illegally obtained private data

Cybercriminals have a new alternative to the dark web - Telegram. An investigation by cybersecurity researchers into the messaging platform has revealed that private data of millions of people are being shared openly on groups and channels that have thousands of members. Researchers from vpnMentor found that cybercriminals are using Telegram to “share and discuss” massive data leaks that can expose “millions of people to unprecedented levels of online fraud, hacking, and attack”.

Another investigation conducted by NortonLifeLock has found evidence of a “thriving illegal marketplace” on Telegram where everything from Covid-19 vaccines, personal data, pirated software to fake IDs are up for sale. The research done by vpnMentor had their team joining several cyber crime-focused groups and channels on Telegram to witness these “illicit exchanges” between bad actors and themselves first hand. Not surprisingly, they found hackers “openly posting data dumps on channels” some of which have over 10,000 members. These “unscrupulous users” also don't shy away from discussing how these data dumps can be exploited.

Traditionally, data dumps like these are usually exchanged over the dark web. Moving these exchanges to Telegram has its advantages including “protecting the privacy of its members”. Also, Telegram has a lower barrier for entry as compared to the dark web and this messaging platform is also immune to Distributed Denial of Service (DDoS) attacks, web takedowns that can threaten how cybercriminals work on the normal web.

Is there a fix? The vpnMentor report has mentioned that Telegram has taken “limited steps” to remove groups related to hacking, but that hasn't made much of a difference.