If you'll recall, WhatsApp asked its users to accept a revised policy allowing it to share data with its parent company Facebook earlier this year. Users were outraged, and WhatsApp had to clarify that it still won't be able to read their private communications. Even so, people migrated to rivals offering secure similar messaging capabilities — for Telegram, that has apparently led to a rise in criminal activity conducted through the app.
According to the investigators, there's a ballooning network of hackers sharing and selling data leaks in channels with tens of thousands of subscribers. The number of times "Email:pass" and "Combo" were mentioned in the app over the past year reportedly rose fourfold. Some data dumps circulating on the app contain 300,000 to 600,000 email and password combinations for gaming and email services. Cybercriminals are also selling financial information, such as credit card numbers, passport copies and hacking tools through the app.
Tal Samra, cyber threat analyst at Cyberint, explained: "Its encrypted messaging service is increasingly popular among threat actors conducting fraudulent activity and selling stolen data ... as it is more convenient to use than the dark web." In addition to being more convenient than the dark web, Telegram is also less likely to be monitored by authorities, Samra said.
Telegram has removed the channel where the massive datasets with email and password combos are being sold after FT notified the company. In a statement, Telegram also said that it “has a policy for removing personal data shared without consent" and that it has an "ever growing force of professional moderators" removing 10,000 public communities every day for violating its TOS. Earlier this year, those moderators had to monitor hundreds of channels to keep an eye out for calls of violence following the attack on the US Capitol.