-
Hackers now sell and share stolen data through Telegram instead of the dark web, researchers find.
-
Cyberint reports a more than 100 percent surge in criminal activity on the messaging platform.
-
The platform’s simple nature and non-strict content policy draw threat actors looking for engagement in the illegal markets.
Cyber thieves are rushing Telegram for their nefarious activities because it gives them something the dark web cannot provide: convenience without heavy oversight.
A recent Cyberint study commissioned for the Financial Times brought this troubling trend to the spotlight. Security researchers found out that hackers now choose Telegram for peddling stolen data thanks to its user-friendly attributes and avoidable content moderation.
The dark web once dominated these illegal activities. This encrypted section of the internet requires special browsers and complex login procedures to access. Hackers valued it precisely because it existed beyond the reach of standard search engines and casual observers.
Those barriers, however, limit accessibility. Telegram solves this problem. Anyone can download the app and create an account within minutes. The service supports encrypted “secret” chats for personal discussions. Group chats can accommodate at least 200,000 people. Members still need invitation links to join these massive channels.
Criminal Activity Surges Over 100 Percent
Cyberint threat analyst Tal Samra documented a dramatic increase in criminal usage. An observation from the researcher shows that Telegram hit “over 100% rise” in activity from bad actors. Samra explained that bad actors see the service as:
“highly famous for hashing fraudulent activity and peddling stolen credentials thanks to its usability, compared to the dark web.”
WhatsApp’s recent privacy policy changes triggered much of this migration. The Facebook-owned competitor also provides end-to-end encryption options. However, its updated policies pushed users with questionable intentions toward alternative platforms.
The numbers tell a stark story. References to specific hacker terminology for stolen email addresses and passwords multiplied four times between 2020 and 2021.
Researchers also found a public channel named “combolist,” itself a term from the hacker lexicon. This channel distributed data dumps to approximately 47,000 subscribers before Telegram removed it following inquiries from the Financial Times.
While stolen credentials are concerning, the platform’s accessibility also attracts far more dangerous criminals, including the predators that UK police are arresting at a rate of 1,000 per month, highlighting the urgent need for stronger moderation across all categories of illegal content.
Dark Web Forums Drive Traffic to Telegram
The dark web itself now promotes Telegram as a marketplace. Cyberint took note of a huge surge in Telegram links distributed all over forums on the dark web. These references climbed up from just 172,000+ instances in 2020 to one million plus in 2021.
Criminals trade various illegal goods through these channels. The study identified active markets for financial information, personal identification documents, malicious software, hacking tutorials, and login credentials for countless online accounts.
Security experts are worried because the easier the entry prerequisites, the more cyber thieves can engage in data theft and fraud. At least on the dark web, you must have technical expertise but now a smartphone app makes the whole thing much easier.
Platform Faces Pressure to Strengthen Moderation
Telegram maintains that its policies prohibit sharing personal data without consent. The company told the Financial Times it removes such content when discovered. Yet the scale of criminal activity suggests enforcement remains inconsistent.
The platform faces increasing criticism for insufficient moderation of content. Previous controversies involved fake certificates of vaccination and revenge pornography. Cybersecurity professionals now add data breach marketplaces to that list of concerns.
Telegram’s future moderation approach remains uncertain. Reports indicate the company explores monetization strategies and considers going public. These business developments might force stronger content oversight. At the moment, though, cyber thieves keep taking advantage of the platform’s accessibility and inadequate enforcement.
Meanwhile, on the dark web, more sophisticated threats continue to emerge, like the AI-powered infostealer that researchers spotted, proving that as one channel gets harder to exploit, criminals will always find another.
This shift points out a key change in cybercrime dealings. The convenience factor overshadows the security advantages of the dark web for a lot of bad actors. If Telegram upholds its current moderation stance, then more and more bad actors will be attracted.
