Recovering a hacked Telegram Account

Adarsh
6 min readJul 16, 2022

--

Minimalistic, beautiful but unofficial Telegram logo for illustrative purpose.
A paper plane can be seen on a deep blue mold which is Telegram’s logo representing freedom of thought.

We all get tricked. Sometimes its magic, sometimes its real. It might so happen that you’re tricked into divulging some personal information through which you accounts can be compromised. Its common with Instagram accounts if you go over by the reports of people being duped into entering their credentials into phishing websites sent by verified accounts on the platform.

Now what happens if you are tricked into sharing the login code with someone that can be used to login to your Telegram account. Not necessarily you have to share the login code; sometimes there are bots which trick you into logging in with your Telegram account but not through Telegram¹.

The ideal way to prevent all of this is to not share the login code with anyone, even if they say they’re from Telegram. If you believe that your account has enough possibility to be compromised by threat actors, you can additionally enable two-step verification² on your account after which every new login will require an additional password to complete.

Compromised account and how to recover it:

If you find that someone has gained access to your Telegram account without your consent, the best way to get rid of it is to open Settings> Devices (or Settings> Privacy and Security> Devices) and terminate any session that you do not recognize.

But… it can be too late sometimes. We can miss the notification or become lazy and just ignore it (especially if you open the app once a blue moon). There can be circumstances when the malicious actor can log you out from your device³ and sometimes setup two-step verification on the account to lock you out.

If that happens to you, unfortunately, there are a few ways you can regain access to your account. Here’s what you can do:

  1. If you’re logged out from your device(s), try logging back in. If the attacker hasn’t enabled two-step verification, you should be able to login normally. If that’s the case, you will need to wait for about 24 hours from login to terminate sessions. If you are successful, its best that you do not share login codes henceforth and maybe consider setting up two-step verification.
  2. There might be a scenario where the attacker might terminate your session before you complete 24 hours⁴ after making a new login attempt in Step 01. If you believe that its possible in your case⁵, you can try exporting all text and media (whichever is possible) from personal chats using Telegram Desktop so that you can have a offline backup⁶ of those chats and then choose to terminate other sessions or proceed to delete the account here.
  3. If there is a two-step verification enabled on your account, you have only one option — to reset the account. To do that, you can just login normally⁷ and tap ‘forgot password’ on the two-step verification screen and follow the prompts⁸ to reset the account. Since the account is active, it will take 7 days to reset the account. Meanwhile, you can ask your friends or family members (chat partners) to export the chat using Telegram Desktop for reference.

Telegram accounts cannot actually be hacked⁹, so I haven’t used the words like hacked, hack or hacker here since it requires a code to access Telegram accounts which needs to be entered on the login screen. There might be certain but rare cases where the login code you receive is from a mobile number of your country and not an ID.

If your account has been banned and you think that it was a mistake, please tap ‘help’ on the ban label and Telegram will automatically generate an email to be sent to the recovery team. The moderators will be able to review the ban applied and reverse it, if applicable. You can also include a brief description of what happened from your perspective.

Please contact the support service (Settings — Ask a Question), should
you have any questions about Telegram.

Superscript references:

¹ I came across a bot which boasted itself to find the User ID of the Telegram account which sent the file first. After you send it the file, it asks you to share the code that you received from Telegram service account. It seemingly looked legit — it had its own keyboard and buttons (the ones you encounter when contacting Volunteer Support or Spam Info Bot). But the flags came up when it asked me for two-step verification password. So I tried and went further; I gave it the two-step verification password and voila! It logged into my account from a USA IP and of course the bot never worked. There are some websites/bots that will ask you authorization like this, beware! If you’d like to see how Telegram authorization works in real and read the documentation, you can do so here.

² Do not skip providing Telegram with a recovery email address that will be used to restore access to your Telegram account by resetting the password in an event where you lose access to it/forget it. Only skip this part if you’re sure that you won’t forget/lose access to the password. In case you decide to skip and forget the password but have another active session, you can request to reset the password on the login screen which will take 7 days.

³ The malicious attacker can log you out of all your devices if they can continuously access your account for 24 hours. They use the same method by which a user would terminate old or unknown sessions via Settings > Devices.

⁴ This is possible if the user tries to logout and login after the attacker has gained access to your account. In this case, when the user logs in, his session will be treated as new and the attacker in that respect would be logged in for more time than the user and hence get the ability to terminate sessions when 24 hours of continuous session is maintained.

⁵ If you don’t use Telegram much or don’t have any important data inside, you may stalk your own account with a different account or maybe ask a friend to check periodic online time. Some attackers use a lot and others don’t. So if you find your account not being used frequently and the attacker not coming online when you request a code, in certain cases, you might be able to login (given two-step verification is not yet enabled) and stay connected for 24 hours. If this succeeds, you can simply terminate all other sessions apart from yours. Note: This won’t work if the ‘last seen’ of your account is not visible.

⁶ The data exported using Telegram Desktop cannot be used to recover the chat. Its just an offline copy of the chat for your reference/backup. In case you decide to go ahead and delete the account, your chat partners (friends/family/etc) will still be able to export their chats with you and send it over.

⁷ Normal login: open Telegram app on your phone and request the code for your phone number. When Telegram detects that you have a recent session elsewhere, it might first send a login code via Telegram to that other session. To fix this, simply tap ‘send via SMS’ which should be shown at the bottom of your screen. This will send a login code via SMS.

⁸ After entering the login code, you’ll be prompted to enter the two-step verification password for the account. Since that’s not known, we proceed to reset the password. These are the password reset prompts: ‘forgot password’ > ‘having trouble accessing this email j***@example.com’ > ‘reset account’. If the session on the attacker’s device is active, you’ll have to wait for 7 days before the account is reset. Meanwhile, if you receive any login code from Telegram without you requesting it, simply ignore that message and do not share it with anyone. If that code is requested by the attacker, it can be used to cancel the reset request.

⁹ Even though hacking literally means ‘the gaining of unauthorized access to data in a system’, to hack a Telegram account, you’ll have to guess or keep brute-forcing the login codes until you have found the right combination, all when there is active rate limiting. Combinations which are 5 digit long having all feasible numbers will be at least around 100,000 combinations. So without having direct access to the code, one cannot make their way in.

--

--

Adarsh
Adarsh

Written by Adarsh

A non-political Citizen of World. Tech & Telegram Enthusiast. Blogger. Victim of a Curious Mind & Student in the University of Life.

No responses yet