Recently, while browsing through Telegram, I often came across people saying that their Telegram accounts had been hacked. I never understood how Telegram accounts could be hacked until today when I experienced it myself. Only then did I learn about the process of hacking an account.
Incident Details
Early this morning, a friend of mine from whom I had previously bought the Office365 Family version messaged me, saying that his Telegram seemed to be acting up and there were multiple conversations between me and him. I was completely confused, and he sent me a screenshot, which indeed showed two of my profile pictures. I replied, saying that he should just delete one of them. Then, something even more amusing happened:
Friend: Don't mess around!
Me: ???
Friend: I have multiple copies of you here.
Me: ???
Friend: Screenshot (showing 4 copies of me....)
Among the 4 copies of me that my friend showed, 2 of them were private chats. At the same time, I also had a private chat interface with my friend on my end. I told him to close the private chat, but he kept asking me what was happening on my end. I casually explained, and then he asked me to screenshot it for him. I quickly took a screenshot (looking back now, I realize how lucky I was), but after that, he continued to ask me for more screenshots. I got annoyed and ignored him. However, after about 10 minutes, I suddenly received a login verification code from the official Telegram account. It struck me that something was wrong, so I went back to look for the previous screenshot, and fortunately, it didn't show the verification code. There was also suddenly an additional device logged into my account, an iPhone X, so I quickly deleted it.
Analysis of the Modus Operandi
In fact, this method of hacking is not complicated at all. If you haven't set your privacy settings, and the other person is your friend, they can see your registered phone number. They can log in with that number once they pass verification. When the official Telegram account sends you the verification code, they start manipulating you into taking a screenshot that includes it. Part of the problem lies with the official Telegram account itself: most people have it on mute and think that the messages it sends are useless. The login verification code is sent by the official Telegram account, not as a mobile verification code, so many people overlook it and casually take screenshots, neglecting this very important security issue. Once the other person has your verification code, they can successfully log in and change the bound phone number, making it very difficult for you to recover your account.
How to Prevent Account Hacking?
Firstly, you must enable two-step verification on Telegram.
Secondly, in your settings, make sure your phone number is not visible to anyone, not even acquaintances, because you cannot determine if the other person's account has been hacked. In my case, it was a friend who hacked my account, and later when I asked him through WeChat, he said he was also hacked by someone who took a screenshot like this. It was only after I reminded him that he realized his account had been hacked.
Lastly, I want to reiterate:
Never disclose your message list screenshots, and especially not any system login verification codes.
Do not disclose your Telegram-bound phone number to anyone. This way, others cannot see your phone number and cannot use it to log in.
Make sure to set up two-step verification. After setting up two-step verification, even if someone obtains our login verification code, they still need a locally stored login password to successfully log in, and the other person cannot obtain this.