Helpless with chatbots that sell data on Telegram


Pham Duc, a programmer in Hanoi, was shocked when his information was exposed with just a lookup message, but could not do anything even though he informed Telegram.

Heard about this tool through an IT group in early July, it didn't take long for Mr. Duc to find and try the chatbot. After a few steps, the bot information appears in the public search results, allowing users to search for free for the first time.

Trying to enter his own phone number, he was stunned by the return message. A series of his personal information, from his full name, date of birth to the number of papers and household registration, appeared in detail and accurately. "These are all things that I always limit to share as much as possible, but can't be looked up easily with just such a phone number," Duc said.

Among the information is also the location and time of the transaction with the network operator. Germany suspects its data can be leaked from here.

A chatbot on Telegram that provides a range of informational services. Photo: Luu Quy

In addition to looking up anyone's information based on phone numbers, some Telegram chatbots also claim to be able to look up e-wallet accounts, social networks, vehicle license plates, monthly electricity bills.

To search for information about others, users are required to deposit a minimum amount of 50 USD, then deduct each time they are used. Deposits are made via cryptocurrency exchange to remove traces.

These sets of information sell from 0.001 to more than a dollar, with the cheapest of which is Facebook account data. Just enter someone's name, year of birth and province, the chatbot will return matching personal information for $ 1.24 (VND 30 thousand).

In addition to chatbots, the purchase and sale of personal data is also done through channels and accounts on Telegram. The data sets are filtered by user groups "with credit card", "have a car", "with savings"... and are sold from 300 to 3,000 VND depending on the quantity. Buyers receive a complete list from full name, address, phone number, CCCD to account balance.

"This is all tested data, guaranteed to work, and a one-to-one guarantee if it's wrong," asserts a credit card data seller, sending samples for buyers to preview if in doubt. .

Hard to stop

According to security experts, chatbot on Telegram is just an automatic sharing tool. The root cause lies in the place where user data is held, for example, carriers, social networks, banks... These are the parties who have the right to access information, but have not properly protected it, making them vulnerable. leak and become data for the chatbot.

Once data has been advertised on cross-border OTT platforms like Telegram, blocking becomes difficult. "Groups can use a foreign sim to register an account, then use that account to exchange and operate in Vietnam without any problems. Tracking down scammers on the OTT network is extremely complicated. complicated because the information transmitted on OTT is encrypted and can be permanently deleted at the request of the sender," assessed security expert Vu Ngoc Son.

With the data trading chatbot, according to Mr. Son, the only way to deal with it is through the platform, which means reporting and asking Telegram to remove it, but it depends on whether "they cooperate or not".

A representative of a major network operator said that it is conducting an inspection and "immediately, no vulnerabilities have been found on the network side". Meanwhile, the draft revised Telecommunications Law is proposing to put OTT applications with calling and messaging features like Telegram into management, to ensure user protection.

Telegram's tolerance

Responding to VnExpress about the status of Vietnamese people's data being sold on the platform, Telegram spokesperson Remi Vaughn affirmed: "Since its inception, Telegram has actively censored harmful content on our platform. me, including the publication and sale of personal information".

An app representative said the review is done through moderators, incorporating active monitoring of public content and user reports. Violating content after inspection will be removed.

"If private data is found for sale, users can use the in-app reporting tool to send it to moderators," Vaughn said.


Interface for reporting infringing content on Telegram. Photo: Luu Quy

However, unlike the platform's announcement, most of the above chatbots and groups are in public form, but still exist for a long time. Telegram's "Report" section focuses on violations such as spam, violence, pornography, child abuse, piracy, with no section for reporting data breaches.

Four days after reflecting on the data distribution tool with the Telegram team, Germany said the chatbot still exists.

Financial and Cryptocurrency News Forum by Company Remitano Network

Copyright © 2017 - ALO. All rights reserved