Secure instant messaging app Telegram has denied Iranian hackers breached its systems and stole the telephone numbers of 15 million users in Iran.
But the company has admitted that the hackers may have breached security to access a dozen accounts by intercepting one of its SMS verification messages.
However, it added that this was not a ‘new threat’.
Telegram denied it had been hacked in a post in its official blog.
“Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed. Such mass checks are no longer possible since we introduced some limitations into our API this year
“However, since Telegram is based on phone contacts, any party can potentially check whether a phone number is registered in the system. This is also true for any other contact-based messaging app (WhatsApp, Messenger, etc.)”, the post read.
Regarding the issue of intercepting SMS verification codes, the company said:
“…this is hardly a new threat as we’ve been increasingly warning our users in certain countries about it. Last year we introduced 2-Step Verification specifically to defend users in such situations.
“If you have reasons to think that your mobile carrier is intercepting your SMS codes, use 2-Step Verification to protect your account with a password. If you do that, there’s nothing an attacker can do.”
On Tuesday, security researcher Colin Anderson told Reuters: “We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basic coordination with the cellphone company.”
Telegram, which provides end to end encryption on its messages is favoured by security conscious users and is often used by journalists, activists and dissidents to send sensitive information, with many users now fearing they may have been compromised.
It is not known if the alleged security breach is the work of the Iranian authorities. However, security researchers have claimed it has the hallmarks of a group of hackers known as Rocket Kitten who are thought to have links to Iranian security services.
The Telegram app was founded by Paul Durov after he was forced to flee Russia following pressure from authorities over his social network VKontakte.
In October, Iran temporarily blocked the app after Telegram had refused to hand over data on its users to the government.