Over 200 million Telegram user records have been posted on a well-known hacking forum — and researchers have confirmed the data includes email addresses and phone numbers.
Three separate databases appeared on BreachForums on 24 January, totalling roughly 44GB of uncompressed data. The records contain usernames, full names, email addresses, phone numbers, and Telegram user IDs. Security researchers at Cybernews verified the data and found at least 66 million phone numbers and user IDs, plus 10 million records with additional personal details.
Telegram denied that private data was exposed, claiming the records "only reveal the user ID and public username." But researchers found emails and phone numbers in the sample data, which directly contradicts that statement.
Whether this is a fresh breach or a compiled dataset from older leaks and scraping doesn't really matter to you. What matters is that your email address and phone number may now be paired with your real name in a database that anyone can download for free.
Here's what that means for your inbox.
What Scam Emails to Expect
"Verify Your Telegram Account"
The most obvious play. You'll receive an email claiming Telegram has detected unusual activity on your account and asking you to verify your identity by clicking a link.
This is especially dangerous right now because there's a separate, active phishing campaign that hijacks Telegram's real login flow to steal fully authorised sessions. The timing isn't coincidental — leaked email addresses make these attacks far more targeted.
What to look for:
- Urgent language about account suspension or security threats
- Links to sites that look like Telegram but use slightly different domains
- Requests to enter your phone number or one-time codes
The rule: Telegram will never email you asking you to click a link to verify your account. If you're worried, open the Telegram app directly.
"Your Data Was Found in a Breach"
Scammers love impersonating security companies. Expect emails claiming to be from breach notification services, VPN providers, or identity protection firms — warning you that your Telegram data was found in a leak and offering to "protect" you.
What to look for:
- Offers for free security scans or identity monitoring
- Attachments claiming to show what data was leaked
- Links to download "protection tools" (which are actually malware)
The rule: Legitimate breach notification services like Have I Been Pwned don't cold-email people with download links.
Credential Stuffing Spin-offs
This one's less obvious. If your Telegram email address is the same one you use for other accounts — banking, shopping, social media — attackers may try logging in to those services using passwords from older breaches.
When that fails (hopefully), the service sends you a "failed login attempt" notification. Scammers then follow up with a phishing email that references the real notification, saying: "We noticed someone tried to access your account. Click here to secure it."
What to look for:
- Emails that reference real security notifications you actually received
- Urgency to "secure your account immediately"
- Links that don't go to the actual service's domain
The rule: Always go directly to the website by typing the address yourself. Never click through from an email about account security.
Personal Impersonation
With full names, phone numbers, and email addresses connected, scammers can craft highly convincing impersonation emails. Think: messages that appear to come from someone in your Telegram contacts, referencing things that seem personal.
What to look for:
- Emails from people you know, but with slightly wrong email addresses
- Requests for money, gift cards, or urgent help
- Messages that feel oddly formal or strangely generic for someone you know
The rule: If a contact emails you out of the blue asking for something, verify through a different channel — call them, or message them on Telegram directly.
How to Protect Yourself Right Now
1. Enable two-factor authentication on Telegram. Go to Settings → Privacy and Security → Two-Step Verification. This adds a password on top of the SMS code, making session hijacking far harder.
2. Check your privacy settings. In Telegram's privacy settings, restrict who can see your phone number and who can find you by it. Set both to "My Contacts" or "Nobody."
3. Don't reuse passwords. If the email address linked to your Telegram account is the same one you use elsewhere, make sure every account has a unique password. A password manager makes this painless.
4. Be sceptical of breach-related emails. For the next few weeks, treat any email mentioning Telegram, data breaches, or account verification with extreme suspicion.
5. Check Have I Been Pwned. Visit haveibeenpwned.com to see if your email appears in known breaches. It won't have this specific Telegram dataset yet, but it shows your overall exposure.
The Bigger Picture
Telegram has nearly a billion monthly active users. Even if only a fraction of the 200 million leaked records contain valid, current data, that's still an enormous pool of targets.
The platform has been under pressure since founder Pavel Durov was arrested in France in 2024 and subsequently agreed to share user data with governments. Trust in the platform's privacy promises was already shaky. This leak — and Telegram's dismissive response to it — doesn't help.
For the average user, the lesson is the same one that follows every breach: your email address is your identity online, and every leak makes it a bigger target. The scams won't come from Telegram itself — they'll arrive in your inbox disguised as something you trust.
