My Telegram account is hacked! Is it possible to hack into one of the most secured messaging accounts? Contrary to popular belief, your Telegram account can be hacked! And it is nothing to do with Telegram’s encryption or security. Although it is very rare, there are reports of Telegram accounts hacked by rogue governments (think of Russia and Iran) and resourceful hackers.
How can someone hack a Telegram account
Telegram uses a very strong industry-standard encryption of all messages between the client and their servers for normal chats. For secret chats, they use end-to-end encryption between the two devices. The encryption is very strong that it is totally impossible to hack an account with today’s resources, even for government law enforcement agencies. So how can hackers and rogue governments hack into Telegram accounts?
The problem lies not with the encryption system but with the account log-in protocols. Telegram accounts are tied to their phone numbers at initial creation. You can change this phone number. Every time someone logs in to their Telegram account on a new phone, their server will send an SMS message with a login code to the registered phone number.
Now, this is the real weakness of Telegram or any other secured messaging apps that rely on SMS for phone login. This SMS is not encrypted and can be read by the phone operator. So, for example, if you are in Iran and the government knows your phone number, all they need to do is to log in to Telegram on a new phone using your phone number. When the server sends the login SMS to your number, they can intercept it at the operator. Using that number, they can then successfully log in to your Telegram account on another phone.
The SMS protocol is highly insecure. If you have necessary expertise and resources, any hacker can intercept the Telegram login SMS messages and login to your account on their phone. They will then able to read old messages and check out your contacts. Only messages they cannot read are those in the secret chat, which are end-to-end encrypted between the two devices.
Another way to hack into your account is if someone (think of your girlfriend!) has access to your phone for a short while. During that time, he or she can log in to your account on his/her phone and use the SMS sent to you to log in to your account.
How can you know if someone has hacked into your account
Depending on the activities of the hacker, you may or may not notice the security breach. However, you may notice the following:
- You are suddenly logged out from one or more of your device without apparent reason
- You see messages that are not yours
- Your profile picture or other profile information change without your intervention
- You receive long in SMS without you logging in to your account
So how can you check if someone has log in to your Telegram account?
- Open Telegram on your phone. Click Setting. Click Devices in the Settings.
- You will see all current sessions (top panel) and all active sessions (bottom panel). Check if all of these devices are yours.
- If you see any device that you do not recognize, the chance is, someone has hacked into your Telegram account.
- You can terminate a single device from the lower panel or terminate all sessions.
- After terminating the unauthorized device, please follow the below steps to prevent someone from logging into your account illegally.
How can I prevent my account from hackers
To prevent someone from hacking into your Telegram account, you should improve your Telegram Privacy and Security Settings. The most important setting to change is to set up Two-factor authentication. Telegram’s 2FA is different from other 2FAs. It is just a second step where you have to supply your password in addition to your phone number to log in to your account. So even if someone has access to your SMS code, they still could not log in to your account without knowing your password.
The second setting you should set up is to hide your telegram phone number. Instead, use your user name to let other people contact you. If a resourceful hacker or a government agency doesn’t know your phone number, it would be difficult to intercept your login SMS.
Also, whenever you are going to talk someone sensitive, try using Telegram’s secret chat feature. Using secret chat in Telegram, you can make sure only your device and your contact’s device can read the secret messages. Even if someone have a device logged in to your account, they cannot see your messages as long as you are the one who starts the secret chat.