Hi programmers!
Back on October 19, 2023, a serious issue about Telegram leaks caught my attention. The leak was linked to the app’s peer-to-peer (P2P) calling feature, which was exposing users’ public IP addresses. This flaw could allow attackers or scammers to collect public IPs and increase the attack surface for OSINT (Open Source Intelligence) and other cyber threats.
Fast forward to January 3, 2024, I tested the issue again—and unfortunately, the vulnerability still exists. My intent was never to attack Telegram but to raise awareness about the privacy risks involved with using the app.
How the IP Leak Happens on Telegram
Here’s how I tested and confirmed the issue step-by-step:
✅ Prerequisites:
- The attacker must first add the victim as a contact.
- By default, the P2P call setting is set to “My Contacts.”
✅ Attack Process:
- The attacker starts a voice call with the victim, and the victim accepts the call.
- The call lasts around a minute or less.
During the call, I monitored the network traffic using a tool like Telegram Shark, and I was able to see the victim’s public IP address, such as 49.237.41.xx.
Disabling Peer-to-Peer (P2P) to Prevent Leaks
Next, I experimented by disabling the P2P feature (set to “Nobody”). This time, the tool no longer showed the victim’s IP address—proving that disabling this feature does effectively prevent IP exposure.
To protect your IP address:
- Go to Settings > Privacy and Security > Calls
- Under Peer-to-Peer, select “Nobody”
⚠️ Keep in mind: Disabling P2P might reduce call quality, but it significantly improves security.
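To confirm on your own device that the “Nobody” setting took effect, you can summarise the remote endpoints seen during a test call and check that call media only reached relay servers. The following is an added example, not part of the original test: the flow-summary format, the sample lines and the relay range (documentation address space) are constructed placeholders, and it assumes call media travels over UDP.

```python
import ipaddress
from collections import defaultdict

# Placeholder relay range (documentation address space, constructed).
# Replace with the ranges your client's relay servers actually use.
RELAY_NETS = [ipaddress.ip_network("198.51.100.0/24")]
# Local addresses (router, LAN, loopback) are not call peers.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed flow summary from your own device during a test call.
# Columns: protocol, remote address, remote port, bytes exchanged.
SAMPLE_FLOWS = """\
udp 198.51.100.17 1400 48210
udp 203.0.113.45 51234 391022
udp 192.168.1.1 53 412
tcp 198.51.100.20 443 9120
udp 198.51.100.17 1400 120993
"""

def in_any(ip, nets):
    return any(ip in net for net in nets)

def audit_call_flows(text, min_bytes=10_000):
    """Return {remote_ip: bytes} for UDP flows that bypassed the relays."""
    totals = defaultdict(int)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0].lower() != "udp":
            continue  # assumption: media is UDP, so other lines are skipped
        try:
            ip, size = ipaddress.ip_address(parts[1]), int(parts[3])
        except ValueError:
            continue  # malformed line
        if in_any(ip, LOCAL_NETS) or ip.is_multicast:
            continue
        if not in_any(ip, RELAY_NETS):
            totals[str(ip)] += size
    # Small flows (DNS, probes) are ignored; sustained ones look like media.
    return {ip: n for ip, n in totals.items() if n >= min_bytes}

if __name__ == "__main__":
    direct = audit_call_flows(SAMPLE_FLOWS)
    if direct:
        print("Direct (non-relay) media flows, P2P still in use:", direct)
    else:
        print("All call media went through the relay ranges.")
```

An empty result after switching Peer-to-Peer to “Nobody” matches the behaviour described above; a non-empty one means the call still connected directly.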
Why Are Leaks Shared on Telegram?
Hackers traditionally relied on the dark web to buy/sell leaked data. But now, Telegram leaks have become more popular due to:
- Easy sign-up (just a phone number)
- Low entry barriers for both senders and receivers
- Fast communication and wider reach
- No hosting requirements, so there’s less chance of takedowns
We found Telegram groups where even users with basic tech knowledge were downloading and asking how to open leaked data. This shows how easily sensitive data spreads, even outside the dark web.
The Role of Bots in Spreading Telegram Leaks
Telegram’s powerful bot system allows automation. While businesses use bots for marketing, cyber criminals use them for harmful activities like:
- Spreading leaks across multiple groups
- Running malicious tasks in the background
- Automating hacks and scripts without being noticed
Telegram’s Response to Leaks and Illegal Groups
Telegram has taken steps to shut down harmful groups, but often, these actions are delayed. In the meantime:
- Group admins create backup groups to keep operations running
- Users quickly switch to the new group, continuing as usual
However, Telegram has been quicker to act in cases involving copyrighted content, such as piracy, and has banned many such groups.
Final Thoughts
Telegram is widely seen as a secure and private messaging app, but the IP address leak issue shows there’s still room for improvement.
If you’re concerned about your privacy and security, make sure to:
👉 Head over to Settings > Privacy and Security > Calls
👉 Under Peer-to-Peer, choose “Nobody” to prevent your IP from being exposed
While this may reduce your call quality slightly, it will significantly boost your protection from attackers or scammers looking to exploit this vulnerability.