Some media reported on a “massive hacker attack” on Telegram in Iran.
Here's what really happened:
Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed. Such mass checks are no longer possible because of limitations introduced into our API earlier in 2016.
However, since Telegram is based on phone contacts, any party can potentially check whether a phone number is registered in the system. This is also true for any other contact-based messaging app (WhatsApp, Messenger, etc.).
The media also reported on several accounts which were accessed earlier this year by intercepting SMS-verification codes – this is hardly a new threat as we've been increasingly warning our users in certain countries about it. Last year we introduced 2-Step Verification specifically to defend users in such situations.
If you have reasons to think that your mobile carrier is intercepting your SMS codes, use 2-Step Verification to protect your account with a password. If you do that, there's nothing an attacker can do.
August 2, 2016
The Telegram Team