Telegram hands over data on thousands of users to US law enforcement
Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement.
This number is a steep increase from previous years, with most requests processed after the platform's policy shift on sharing user data, announced in September 2024.
While Telegram has long been a platform used to communicate with friends and family, talk with like-minded peers, and as a way to bypass government censorship, it is also heavily used for cybercrime.
Threat actors commonly utilize the platform to sell illegal services, conduct attacks, sell stolen data, or as a command and control server for their malware.
As first reported by 404 Media, the new information on fulfilled law enforcement requests comes from the Telegram Transparency Report for the period between 1/1/24 and 12/13/24.
Previously, Telegram would only share users' IP addresses and phone numbers in cases of terrorism and had only fulfilled 14 requests affecting 108 users until September 30, 2024.

Following the change in its privacy policy, Telegram will now share user data with law enforcement in other cases of crime, including cybercrime, the selling of illegal goods, and online fraud.
"If Telegram receives a valid order from the relevant judicial authorities that confirms you're a suspect in a case involving criminal activities that violate the Telegram Terms of Service, we will perform a legal analysis of the request and may disclose your IP address and phone number to the relevant authorities.," reads the updated Telegram privacy policy.
This change came in response to pressure from the authorities, culminating in the arrest of Telegram's founder and CEO, Pavel Durov, in late August in France.
Durov subsequently faced a long list of charges, including complicity in cybercrime, organized fraud, and distribution of illegal material, as well as refusal to facilitate lawful interceptions aimed at aiding crime investigations.
Even though the policy shift resulted in multiple cybercrime groups announcing their departure from Telegram, cybercrime intelligence firm KELA reported in December that the landscape hadn't changed yet.
While the significant uptick in user data-sharing practices recorded in the final quarter of 2024 indicates a change in Telegram's strategy, a clearer picture will be given in April 2025, when the next transparency report is due for publication.
To access Telegram transparency reports for your country, use the platform's dedicated bot from here.
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
Free online web security scanner