PERSONAL DATA OF 20 MILLION MTN IRANCELL USERS AVAILABLE FOR PUBLIC AFTER A TELEGRAM BOT ALLOWED ANYONE WITH A CELL NUMBER OF THE VICTIM TO ACCESS THEIR INFORMATION!
In a strange incident, an Internet bot has been blamed for hacking 20 million MTN Irancell users, one of the most popular and second largest mobile phone operator in Iran.
Fars news agency reported the incident took place on Telegram message app when a @MTNProBot appeared on the service allowing anyone to insert user’s phone number and collect their personal information including first name, last name, address, national code, landline number, postal code, and city.
Just a couple of weeks ago Iranian hackers had exposed a critical security flaw on Telegram app allowing anyone to send anonymous messages to any user but the bot incident seems something unrelated.
According to Mr. Mohammad Reza Farnaqizad, spokesman for Iranian ICT ministry, the bot was blocked few hours after the incident, however, the bot was active for 20 hours allowing anyone to get hold of users’ personal information. Remember, Telegram is one of the most used apps in Iran with more than 20 million users.
Sources also claim that details offered by the bot were actually old (stolen from MTN Irancell database 3 years ago), and was initially being sold off to advertisers. Nevertheless, the availability of such personal data in the public domain is a huge blow to Iranian users as it can allow cybercriminals to conduct other attacks or scams including bank fraud and identity theft leading to personal damage for the users themselves.