Many people have an idea that even if a Telegram account is protected with additional two-step verification, it can be deleted by any user at any time which revolves around a myth. This article should help you have a clear understanding of that.
Telegram is a cloud service, meaning that you can access your chats and data from anywhere with a internet connected device and support app. One of the great advantages of Telegram is that it sends login codes within the app itself. This is particularly useful for many situations but as a matter of fact, any feature can be used for good and bad, and this is no exception.
If a user loses their number, it’s advised that they change it to the one they own right now through Settings. But a few people are reluctant to do that because if they want to login to a new device, they receive the code in the active session which rules out the use of SMS so why need to update the number.
But someone who gets the recycled number wants to sign-up for Telegram and to their dismay, there already exists an account on that number. But they really have to sign-up.
Under normal conditions, which is without two-step verification, the new user can just login with the number, go to the deactivation page and delete the account permanently (the deactivation code comes in the app, not through SMS). After a few minutes they can sign-up with a new account which belongs to them.
When two-step verification is involved, the user will be stuck on the password screen because they don’t know the password. Resetting the password won’t be possible as they don’t have access to the email either. But because they have the access to the number, they’re have the right to create an account for themselves. So, if they follow this prompt and tap 'forgot password> trouble accessing email> reset account’, they’d be able to ask Telegram to delete the account so they can create a new one instead.
Note that the user can only do the above step if they own the number and know the five digit login code sent on their phone through SMS.
If the account is inactive for more than about a month, it will be deleted instantly. But if the user is active it will take 7 days to delete the account, withing which the existing user can reconfirm their number of change it to avoid deletion. This is not a security loophole, but it’s required so that a user doesn’t squat over a number for a life time.
