Produced by Big Data Digest
Source: Kod Ru
Compile: Yan Jieqiong, Niu Wanyang
Data security is always a question around everyone’s mind. The more you buy a mobile phone, the more expensive it is. Obviously, you pay great attention to private information. How can there be data leakage?
Recently, a 900M database appeared in the dark network, which contains the phone numbers, nicknames and user IDs of millions of Telegram users. The exact number of affected accounts is unknown, but it is estimated that there are millions.
According to Russian media Kod Durova, about 70% of the accounts in the database belong to Iranian users, and the remaining 30% belong to Russian users. Telegram confirmed the data leak and explained that the information was obtained through the contact input function of the address book.
After the contact is imported, you can get more information.
It means the contact person imported by the user himself, so do you blame the user himself for the problem?
Such a database usually matches the phone number with the user ID. They are created by using contact data during registration. Unfortunately, services that allow users to contact through mobile phones cannot completely avoid this method. "Telegram told reporters.
Telegram also said that additional protection measures have been taken in 2019, so most of the leaked user information is outdated.
"More than 84% of the data was collected before mid-2019. Most accounts in the database (no less than 60%) contain outdated information. This shows that we were able to control the number of such data leakage cases last year, "the representative of Telegram told Kod Durova.
This database was originally a combination of several batches of leaked data, with a total of about 40 million rows. Part of the data came from a leak in early May 2020, and another 12 million pieces of information related to Russian telephone numbers were probably leaked in April 2020.
Some netizens don’t think so.
"The data that has been leaked is old data, so these 60% leaked users have changed their mobile phones and their mobile phone numbers?"
Telegram is regarded as a messenger concerned about privacy, but it obviously lacks some basic functions, such as not encrypting the group end to end, and only allowing private secret chats, so it is popular among many anonymous organizations.
Because telegram is very popular in places where speech is limited, dissidents, journalists and other people with intentions eventually use it as an anonymous and some kind of secure communication means.
The problem with the contact import function is that it allows attackers to match users’ anonymous accounts with related phone numbers, even if users choose to hide the numbers.
Having a person’s phone number allows government agencies or hackers to get further information about this person: their name, phone records, general location and so on.
This function is easy to be used by people with a will. For example, in the planning of group activities, some users found that this function allows attackers to join the group chat of participants and reveal the phone numbers of all their members.
A bad participant only needs to enter a series of numbers as "contacts" from the phone book to messenger, and then wait for it to find a number that matches someone’s account.
No problem: Just like WhatsApp or Facebook Messenger, Telegram is based on phone number.
This means that you must be able to see that your contacts also use this application, "the telegraph spokesman told ZDNet," and the phone number setting controls the user visibility of the phone number without your phone number (instead of WhatsApp displaying your phone number in any other group). "
Nevertheless, even knowing the limitations of Telegram, users can’t simply switch to a better choice.
"Finding an application like telegram is not feasible for us."
Because the way of chatting depends largely on whether there is anonymity, telegrams can support anonymity. "Chu Ka-Cheong, the Hong Kong branch of the Internet Association in charge, said.
Because there is no better choice, using "instant sim card" (an anonymous disposable sim card) is the best way to continue to use various messenger app without revealing the main number and all related information.
Earlier, Roskomnadzor, a Russian internet censor, lifted the ban on the use of Telegram in China after it agreed to filter content related to terrorism and extremism.
Seeing this, everyone will feel very strange. There are always incidents of data leakage, for example, it is creepy.
It is true that we authorized to import the address book, but we did not allow the app to read our other private data.
Your address book is being monitored! There are also people who blatantly steal your data.
It is nothing new that the address book is authorized to be stolen. At the end of April this year, because Xiaomi’s latest model of mobile phone has a function to check which mobile phone data you have read, netizens found that many apps can read your address book and background data of various applications aboveboard. What’s even more amazing is that they even read it every 6 seconds!
This is the case. After the MIUI12 system of Xiaomi mobile phone was updated, it introduced a heavy function-privacy protection, and added the function of "flare".
This "flare" can silently monitor the startup of apps in mobile phones, and can also secretly monitor which apps are secretly awakened for you! Sometimes you obviously only start an APP, but in fact, the background applications are all open.
This … no matter how good the performance of the mobile phone is, it can’t help such a "sneak attack". The power is slipping down, and even the mobile phone will be stuck before long. The most important thing is that the data has been taken away blatantly.
For many Android mobile phone users, all this may not be unfamiliar, and they may even have long been accustomed to such "hidden rules of Android ecology".
Data security seems to be an eternal topic, but everything has two sides, one is good and the other is bad. What we can do is to be as safe as possible.
Perhaps the dark clouds only temporarily blinded our eyes, but justice will never be late.
Related reports:
https://kod.ru/darknet-sliv-baza-telegram-jun2020/
Original title: "The so-called safest Telegram is also recruited! The phone information of millions of users is shocked by the dark network, and your address book is being stolen.