
Telegram Account Hacked Experience: How to Prevent Being Hacked?

Recently I have often seen people on Twitter saying that their Telegram accounts have been hacked. I was always puzzled about how a Telegram account could be hacked, until today, when I ran into the same thing myself and finally understood how the account theft works.


Incident Overview

Early this morning, a friend from whom I had previously bought Office 365 Home suddenly messaged me on Telegram, saying that his Telegram seemed to be acting up: there were several conversations with me in his chat list. I had no idea what he meant, so he sent me a screenshot, and indeed there were two of my avatars in it. I replied, "Just delete one of them." Then a funny scene unfolded:

Friend: Don't mess around!

Me: ???

Friend: I have several more of you here.

Me: ???

Friend: (screenshot; there were 4 of me in the picture...)

Among the 4 copies of me that I saw, 2 were private conversations. At the same time, a private conversation with him had also appeared on my end. I told him to close the private conversation, but he kept asking what was happening on my side. I explained casually, and then he asked me to take a screenshot for him to see. I took one right away (looking back, I was quite lucky), but after that he kept asking for more screenshots. I got annoyed and ignored him. About 10 minutes later, however, I suddenly received a login verification code from the official Telegram service account. I realized something was wrong and went back to check the screenshot I had sent; fortunately, the code was not in it. An unfamiliar device, an iPhone X, had also appeared in my list of active sessions, so I terminated it immediately.


Analysis of the Modus Operandi

In fact, this modus operandi is not complicated at all. If you have not restricted your privacy settings and the other person is in your contacts, they can see your registered phone number. They start a login with that phone number. When the official Telegram service account sends the login verification code to your existing session, they guide you into taking a screenshot, and the code appears in it. Part of the problem is the official Telegram service account itself: most people have it muted and assume its messages are useless. Moreover, the login verification code arrives as a message from that account rather than as an SMS code, so many people overlook it and casually take screenshots, missing a very important security issue. Once the other person has your verification code, they can log in, change the bound phone number, and make it very difficult for you to recover your account.

How to Prevent Account Theft?

First of all, two-step verification must be enabled on Telegram.
Secondly, in the privacy settings, make sure your phone number is not visible to anyone, even acquaintances, because you cannot tell whether the other person's account has itself been hacked. In my case the attempt came through an acquaintance's account, and when I later asked him over WeChat, it turned out his account had been hacked in the same way. Only when I reminded him did he realize it.


Lastly, let me reiterate:

  1. Never share screenshots of your message list, and never disclose any system login verification code.

  2. Do not disclose the phone number associated with your Telegram account to anyone. If others cannot see your phone number, they cannot start a login with it.

  3. Two-step verification must be set up. With two-step verification enabled, even if the other person obtains your login verification code, they still need the separate login password that only you know, so they cannot complete the login.
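To make the modus operandi above and the third countermeasure concrete, here is an added example that models a phone-number-plus-code login with an optional second password. It is a constructed toy written for this post, not Telegram's real protocol, API or code format; the phone number, device names and class names are all made up. The `scenario` function replays the incident: someone who knows the phone number requests a code, learns it from a shared screenshot, and tries to add a new device. With the second password set, the leaked code alone is not enough.

```python
# Added example: toy model of a login flow guarded by a one-time code,
# with an optional second password (two-step verification).
# Constructed for illustration; NOT Telegram's real protocol or API.
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Account:
    phone: str
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    password_hash: Optional[bytes] = None          # None: two-step verification off
    devices: list = field(default_factory=list)    # active sessions


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 so the stored value is not the password itself
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.pending: dict[str, str] = {}          # phone -> outstanding login code

    def register(self, phone: str, device: str) -> Account:
        acct = Account(phone)
        acct.devices.append(device)
        self.accounts[phone] = acct
        return acct

    def enable_two_step(self, phone: str, password: str) -> None:
        acct = self.accounts[phone]
        acct.password_hash = _hash(password, acct.salt)

    def request_code(self, phone: str) -> str:
        """Anyone who knows the phone number can trigger this. The code is
        delivered to the account's existing sessions (the service chat in
        the post), not to whoever asked for it."""
        code = f"{secrets.randbelow(100_000):05d}"
        self.pending[phone] = code
        return code     # in this model: "what now appears in the victim's chat"

    def submit_code(self, phone: str, code: str, new_device: str,
                    password: Optional[str] = None) -> str:
        acct = self.accounts[phone]
        if self.pending.get(phone) != code:
            return "bad_code"
        if acct.password_hash is not None:         # two-step verification on
            if password is None:
                return "password_required"
            if not secrets.compare_digest(_hash(password, acct.salt),
                                          acct.password_hash):
                return "bad_password"
        del self.pending[phone]                    # codes are single-use
        acct.devices.append(new_device)
        return "logged_in"


PHONE = "+10000000000"                             # constructed, not a real number


def scenario(two_step_password: Optional[str] = None) -> tuple[str, list]:
    """Replays the incident from the post: a third party who knows the
    phone number requests a code, then learns it from a screenshot."""
    svc = LoginService()
    svc.register(PHONE, "my-phone")
    if two_step_password:
        svc.enable_two_step(PHONE, two_step_password)
    leaked_code = svc.request_code(PHONE)          # victim screenshots the chat
    result = svc.submit_code(PHONE, leaked_code, "unknown-iphone")
    return result, svc.accounts[PHONE].devices


if __name__ == "__main__":
    print("without two-step verification:", scenario())
    print("with two-step verification:   ", scenario("a long cloud password"))
```

Run as a script it prints the two outcomes side by side: without the second password the unknown device is added to the session list (the "iPhone X" from the post), with it the attempt stops at `password_required`. Note that hiding the phone number in the privacy settings removes the very first step of this flow, since `request_code` cannot be called for a number the other party does not know.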
