Telegram hands over data on thousands of users to US law enforcement

January 7, 2025

Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement.

This number is a steep increase from previous years, with most requests processed after the platform's policy shift on sharing user data, announced in September 2024.

While Telegram has long been a platform used to communicate with friends and family, talk with like-minded peers, and as a way to bypass government censorship, it is also heavily used for cybercrime.

Threat actors commonly utilize the platform to sell illegal services, conduct attacks, sell stolen data, or as a command and control server for their malware.

As first reported by 404 Media, the new information on fulfilled law enforcement requests comes from the Telegram Transparency Report for the period between 1/1/24 and 12/13/24.

Previously, Telegram would only share users' IP addresses and phone numbers in cases of terrorism and had only fulfilled 14 requests affecting 108 users until September 30, 2024.

**Current numbers (left) and previous period figures (right)***Source: BleepingComputer*

Following the change in its privacy policy, Telegram will now share user data with law enforcement in other cases of crime, including cybercrime, the selling of illegal goods, and online fraud.

"If Telegram receives a valid order from the relevant judicial authorities that confirms you're a suspect in a case involving criminal activities that violate the Telegram Terms of Service, we will perform a legal analysis of the request and may disclose your IP address and phone number to the relevant authorities.," reads the updated Telegram privacy policy.

This change came in response to pressure from the authorities, culminating in the arrest of Telegram's founder and CEO, Pavel Durov, in late August in France.

Durov subsequently faced a long list of charges, including complicity in cybercrime, organized fraud, and distribution of illegal material, as well as refusal to facilitate lawful interceptions aimed at aiding crime investigations.

Even though the policy shift resulted in multiple cybercrime groups announcing their departure from Telegram, cybercrime intelligence firm KELA reported in December that the landscape hadn't changed yet.

While the significant uptick in user data-sharing practices recorded in the final quarter of 2024 indicates a change in Telegram's strategy, a clearer picture will be given in April 2025, when the next transparency report is due for publication.

To access Telegram transparency reports for your country, use the platform's dedicated bot from here.