Some hackers got possession of the telephone numbers of 15 million Iranians that use Telegram and managed to break some of their accounts.
Revealed by researchers Claudio Guarnieri and Collin Anderson, the cyber attack was performed by Rocket Kitten, an espionage group in connection with the Iranian Government, and was targeted towards the Iranian users of the application.
According to the two researchers quoted by Reuters, the hackers managed to break some accounts as they intercepted some of the confirmation codes transmitted via SMS to the users.
To prevent such attacks, last year Telegram launched a two-step optional authentication function that uses a combination of SMS-transmitted codes and passwords. “If you do this two-step authentication, the attackers cannot harm you”, stated the company representatives at the time.
However, due to the SMS vulnerabilities, NIST (National Institute of Standards and Technology) is considering eliminating SMS codes from the two-step authentication process.