Your Telegram got hacked? Here’s what you can do about it

Ray Fernandez

Oct 25, 2024 · 9 min read

With unique features like secret chats and self-destruction capabilities, Telegram has built a strong security and privacy reputation. But despite all this, the big question remains: is it the ultimate secure messaging app? Will your Telegram account ever be hacked?

Can someone hack your Telegram?

Unfortunately, they can. One of the easiest ways to hack a Telegram account is by gaining physical access to an unlocked phone or device. In that case, all of Telegram’s security bells and whistles go out the window. Even the company admits they cannot protect you in that situation unless you take immediate action.

On the other hand, Telegram bots, group admins, and even user accounts can be hacked via phishing, malware, scams, or other techniques. Like any other app, the messaging app isn’t 100% safe from hackers.

How secure is Telegram?

Telegram’s reputation is mainly based on users’ perceptions derived from its messaging features. And when compared to WhatsApp and Signal, most experts say that Telegram sits between these two apps in terms of privacy and security.

When it comes to encryption, Telegram only uses E2E encryption for messages sent in Secret Chat mode. The app encrypts common messages sent over the cloud using client-server/server-client encryption developed in-house. The encryption cannot be verified externally to test its security, raising eyebrows among security experts.

Furthermore, Telegram does not turn on Secret Chat by default. Users need to open their profile and tap Start Secret Chat to use this feature.

Like Snapchat, Telegram provides message self-destruct capabilities with this feature. WhatsApp, on the other hand, uses end-to-end encryption (E2E) with three keys for all its messages. This encryption protocol is the same as the one Signal uses.

Regarding privacy and your data, WhatsApp collects and gathers a lot of your personal data. This includes location, IP address, contacts, updates, ISP details, mobile phone model, purchase history, crash data, performance, and interaction data. By contrast, Telegram only asks for your phone number, email, and contact info and keeps primary data on your contacts. Finally, Signal only asks for a phone number.

In other words, Telegram’s encryption is weaker than Signal’s and, unlike WhatsApp’s, is not always turned on. And while Telegram has tighter privacy policies for your data, they do not outperform those used by Signal.

Is hacking a Telegram group common?

Hacking Telegram groups is not uncommon. Telegram groups can have up to 200,000 members, making them very attractive tools for cybercriminals to run their campaigns.

Common scams used in hacked Telegram groups include:

  • Fake Telegram groups
  • Crypto scams
  • Phishing scams
  • Tech support scams
  • Cryptocurrency giveaways
  • Ad scams
  • Fake jobs, fake interview requests
  • Group phishing

Additionally, by default, anyone can add you to a group without your permission. You can opt out of this option by going to your Settings and navigating to Privacy and Security > Groups & Channels, and changing Who Can Add Me to My Contacts only.

Can you get hacked through a Telegram bot?

If you have reason to think, “My Telegram account is hacked,” you should learn how bots work in Telegram.

Any person with a telephone number can create a Telegram account, and with that privilege, they can easily create an AI-driven bot. Telegram bots use natural language processing and AI to create human-like conversations. This automation allows scammers to expand their reach instantly and significantly.

Using bots, cybercriminals can pose as banks, financial institutions, account login and security teams, and digital service providers like PayPal, Apple Pay, Google Pay, and others. Furthermore, they can reach thousands or millions of users with bots. These bots will try to trick users into giving away sensitive information, financial data, passwords, and other critical details.

To stay safe from malicious Telegram bots:

  • Double-check the source of any message you get.
  • Be suspicious of messages that sound urgent.
  • Never share passwords or personal data online.

Is it possible for someone to hack my phone through Telegram?

Yes, it is indeed possible to hack a phone through Telegram. End-to-end encryption is enabled for individual chats, but phishing links with social engineering tactics could be used to trick you into downloading malware onto your device.

Telegram would merely be the “vehicle” used to introduce malware onto your phone. Once the malware is there, it can begin installing its own apps or stealing your sensitive data.

Be extremely cautious if you are sent a link, even if it’s from somebody you think you know well enough. Like any other messaging app, Telegram isn’t 100% safe from hackers and never will be.

Common ways to hack a Telegram account

There are many reasons why Telegram accounts are hacked. While all of them are illegal, the majority of accounts are breached by worried parents or suspicious partners. Monitoring apps can hack Telegram cams, screens, activities, chats, and more.  

Top ways Telegram can be hacked:

  • Monitoring and parenting spyware apps like Spyic
  • Phishing and social engineering (tricking users into giving away credentials)
  • Gaining verification codes
  • Forwarding calls
  • Malware sent via Telegram messages
  • Brute force attacks (running software that tests hundreds of thousands of passwords)
  • Ransomware, data exfiltration, or leaks (a company can be hacked, and user data can be leaked or sold)
  • Other cybercriminal techniques used to hack messaging apps

What to do if your Telegram has been hacked

There are several things you can do if you think your Telegram has been hacked. These range from removing devices from your account to enabling and strengthening your passcode lock option, activating two-factor authentication, changing your phone number, or even deleting your account if necessary.

How to set up a passcode and 2FA in Telegram

Setting two-factor authentication and a passcode in Telegram is very simple and an excellent way to increase your security. If anyone gets access to your account or your phone, they will need to know your passcode or password to verify their identity.

To set up a passcode for Telegram:

  1. Open the Telegram app.
  2. Go to Settings. Then go to Privacy and Security.
  3. Select Passcode & Face ID for iPhone models or Passcode & TouchID for older iPhone models. On Android devices, select Passcode Lock.
  4. Tap Turn Passcode On and enter a numerical passcode that will lock your Telegram app.
  5. Select Passcode options if you want to switch between a four-digit or six-digit passcode.
  6. Now select the Auto-lock option to customize the duration for the lock. It can be anything from 1 minute to 1 hour or longer.

To set up 2FA in Telegram:

  1. Go to Settings. Then go to Privacy and Security.
  2. Select Two-Step Verification.
  3. Set a password.
  4. Add a hint to your password.
  5. Now enter a recovery email to get your verification code.
  6. Enter the code sent to your email.
  7. Your 2FA should now be active.

How to remove devices from my Telegram

To remove devices from your Telegram account:

  1. Open the Telegram app.
  2. Go to Settings, then Devices. You will see a list of devices that are using your Telegram account.
  3. If you see an unknown device, tap the device’s name.
  4. Select Terminate Session to remove it from your Telegram account. Additionally, you can toggle the option to disable incoming calls for the device.
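
The device review above can also be expressed as a checklist in code. This Python example is added here for illustration and is not part of the original article or any Telegram tooling; the session records are constructed, and the field names, `KNOWN_DEVICES` and `HOME_COUNTRIES` are assumptions modeled on what the Devices screen shows.

```python
from datetime import datetime, timezone

# Constructed sample records, not real account data. The field names are
# assumptions for illustration, mirroring what the Devices screen shows.
SESSIONS = [
    {"id": 101, "current": True, "official_app": True, "unconfirmed": False,
     "device": "iPhone 15", "country": "US", "created": "2024-03-02"},
    {"id": 202, "current": False, "official_app": True, "unconfirmed": False,
     "device": "MacBook Pro", "country": "US", "created": "2024-05-11"},
    {"id": 303, "current": False, "official_app": False, "unconfirmed": True,
     "device": "Pixel 7", "country": "NL", "created": "2024-10-24"},
    {"id": 404, "current": False, "official_app": False, "unconfirmed": False,
     "device": "MacBook Pro", "country": "US", "created": "2024-10-20"},
]
KNOWN_DEVICES = {"iPhone 15", "MacBook Pro"}   # devices you own (assumed)
HOME_COUNTRIES = {"US"}                        # where you log in (assumed)
NOW = datetime(2024, 10, 25, tzinfo=timezone.utc)


def review_session(s, now=NOW, new_days=7):
    """Return the reasons a session looks suspicious (empty list = fine)."""
    if s["current"]:
        return []  # the session you are reviewing from
    reasons = []
    if s["device"] not in KNOWN_DEVICES:
        reasons.append("unknown device")
    if not s["official_app"]:
        reasons.append("unofficial client")
    if s["unconfirmed"]:
        reasons.append("login not confirmed")
    if s["country"] not in HOME_COUNTRIES:
        reasons.append("unexpected country")
    created = datetime.fromisoformat(s["created"]).replace(tzinfo=timezone.utc)
    if (now - created).days <= new_days:
        reasons.append("created recently")
    return reasons


def sessions_to_terminate(sessions, now=NOW):
    """Map session id -> reasons, for every session that raised a flag."""
    flagged = {}
    for s in sessions:
        reasons = review_session(s, now)
        if reasons:
            flagged[s["id"]] = reasons
    return flagged


if __name__ == "__main__":
    for sid, why in sessions_to_terminate(SESSIONS).items():
        print(f"session {sid}: terminate? {', '.join(why)}")
```

A session on a device you own can still be worth terminating, as the last sample record shows: the device name matches, but the client is unofficial and the login is only days old.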

How to recover Telegram if your phone was stolen

If someone has stolen your phone, you should take immediate action. Whoever has your phone number also effectively has your Telegram account. However, you can still log in to your account on another device and try to salvage the account.

Here’s what to do if you lose your phone:

  1. Go to Settings, then Devices (or Privacy and Security > Active Sessions), and terminate your Telegram session on the old device. The person who stole your phone will not be able to log in again, since they need the password. 
  2. Contact your phone provider and ask them to block your old SIM and issue you a new one. To switch to a new phone number, go to Settings, tap on your phone number, and change your Telegram number.

How to check if your Telegram account has been hacked

There are various red flags to look out for that may indicate that your Telegram account has been hacked. Have any of the following happened to you?

You can’t log in

Like WhatsApp, Telegram uses your phone number as your login credentials. If you can’t log in to your Telegram account, it could indicate that a hacker has gained access to your account and changed the registered number to their own.

Your bio and image have been changed

If you notice that the bio and image on your account are not yours, then you have an unwelcome visitor in your Telegram account.

Like on Instagram, many unique usernames are coveted on Telegram. This can lead to someone hacking your account to change the phone number and take the account for themselves. They would then change the bio and image.

Strange notifications

If your Telegram account starts telling you that you’ve joined groups that you don’t recognize or if you see you’ve sent messages that you definitely didn’t write, it’s a major red flag that your account may have been hijacked.

How can you report a hacked Telegram account?

Reporting a hacked Telegram account is the essential next step. However, Telegram’s method of letting people report compromised accounts is rather unusual. 

You are asked to send the username of the hacked account to a Telegram bot called “notoscam.”

Here’s how to do it:

  • First, look for the @notoscam bot on Telegram. You’ll see the @notoscam account (with the official blue checkmark) in the search results. Ironically, multiple fake accounts also appear in the search results. Choose the one with the blue checkmark.
  • When the chat window opens, enter the details of the hacked account you want to report. The bot will not reply immediately to your message, so you may wonder if it worked or not. But Telegram insists that this is the correct way to report a scam or a hacked account.

There is also an email address, [email protected], but this appears to be specifically for accounts that are abusing and harassing users. If going through the notoscam bot doesn’t work, try the email address.

How to prevent your Telegram account from being hacked

You should never have to go through the headache of getting hacked, having your Telegram account stolen, or getting malware on your iPhone. You can avoid becoming a statistic or becoming a victim again by taking certain actions.

Here’s what you can do to prevent your Telegram account from being hacked:

  • Enable 2-factor authentication: In Telegram, 2-factor authentication is known as Two-Step Verification. (For instructions on how to enable this feature, refer to the previous section in this article.)
  • Don’t respond to messages asking for codes: If the hacker tries to register their own phone number on your account or needs your 2FA codes, they may try to use social engineering to trick you into giving them up. Never reveal those codes to anyone.
  • Don’t click any links from unknown contacts: The main way for a hacker to gain access to a Telegram account is through malware-infected links. Don’t click links inside messages.
  • Install all Telegram updates: Hackers may find it easier to gain access to your Telegram account if there is an unpatched vulnerability in the Telegram app. When new updates appear in the iOS App Store, install them immediately.
  • Don’t share personal information: The more information a hacker has on you, the more easily they can take over your identity, and your Telegram account. If you don’t share personal information about yourself, you leave them with nothing to work with.

How to delete a Telegram account

If all else fails, you can delete your account via the deactivation page. This is a permanent and irreversible process that will delete all your messages, content, and contacts, including your groups and channels.

Once you enter your phone number on the deactivation page, you will be sent a code to your Telegram account, which you will need to use to confirm the account deletion. Additionally, Telegram accounts self-destruct if you do not go online for at least six months.

Telegram stands out from other messaging apps thanks to its many features. AI bots, massive groups, channels, and even self-destructive secret chats are some features that Telegram users love. However, hacked Telegram accounts are far from uncommon. Make sure to stay informed of known Telegram scams, turn on passcodes and 2FA, and be cautious when interacting with suspicious messages.

Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.