Personal data of 20 million MTN Irancell users available for public after a Telegram bot allowed anyone with a cell number of the victim to access their information!
In a strange incident, an Internet bot has been blamed for hacking 20 million MTN Irancell users, one of the most popular and second largest mobile phone operator in Iran.
Fars news agency reported the incident took place on Telegram message app when a @MTNProBot appeared on the service allowing anyone to insert user’s phone number and collect their personal information including first name, last name, address, national code, landline number, postal code and city.
Just a couple of weeks ago Iranian hackers had exposed a critical security flaw on Telegram app allowing anyone to send anonymous messages to any user but the bot incident seems something unrelated.
According to Mr. Mohammad Reza Farnaqizad, spokesman for Iranian ICT ministry, the bot was blocked few hours after the incident, however, the bot was active for 20 hours allowing anyone to get hold of users’ personal information. Remember, Telegram is one of the most used apps in Iran with more than 20 million users.
Sources also claim that details offered by the bot were actually old (stolen from MTN Irancell database 3 years ago), and was initially being sold off to advertisers. Nevertheless, the availability of such personal data in the public domain is a huge blow to Iranian users as it can allow cyber criminals to conduct other attacks or scams including bank fraud and identity theft leading to personal damage for the users themselves.
An Iranian tech blog TechRasa tested the bot by putting a cell number and found out it’s providing legit information.
“We wanted to check if this bot is legit so we tried our own Irancell cell phone numbers and guess what? it was legit.”
An Internet bot, also known as web robot, WWW robot or simply bot, is a software application that runs automated tasks (scripts) over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. The largest use of bots is in web spidering (web crawler), in which an automated script fetches, analyzes and files information from web servers at many times the speed of a human.
Distil Networks