Law enforcers in Iran has arrested a 19-year-old IT graduate for leaking personal data belonging to 20m 'MTN Irancell' customers in an elaborate scheme orchestrated with the help of the smartphone application Telegram.
The hacker, who remains unnamed, allegedly confessed to the crime of uploading the contents of a stolen Irancell database to a server and allowing it to be accessed by a Telegram 'bot' – a piece of computer code that automated the data collection process.
This, as reported by Hack Read, then allowed users to access names, addresses, national ID records and post codes of a target, all by inserting a simple phone number.
The bot, which appeared on Telegram on 1 June, was called @MTNProBot and active for around 20 hours, according to Iranian technology blog TechRasa.
The database used in the operation was reportedly three-years-old, however tests on the bot proved the records used were indeed legitimate.
On 3 July, Mahmoud Vaezi, Iran's Minister of Communications was questioned in parliament about the incident. He confirmed the initial leak of customer data occurred three years ago and was carried out by an employee of a third party organisation working with Irancell.
It is estimated there are roughly 20m Iranians using Telegram, which surpasses other forms of common social channels such as Facebook and Twitter – both of which are blocked in the country. Meanwhile, Irancell is the second largest mobile operator in Iran and is 49% owned by the South Africa-based MTN Group.
On 29 May, Reuters revealed the government of Iran has given the tech firms behind foreign messaging applications like Telegram one year to move all data stored about Iranian users to servers inside the country – leaving many users increasingly concerned about security and privacy.