Throughout 2024 and 2025, Telegram emerged as the primary conduit for disseminating leaked data, accounting for approximately 72% of all documented incidents, according to evaluations from the analytical division of “Gazinformservice.”
The firm observes that Telegram’s appeal to vendors of compromised information stems from its lax verification processes, a lack of stringent reputational mechanisms, and comparatively lenient oversight. Nevertheless, a shift began to materialize in 2025: reacting to intensified regulatory scrutiny, the messenger initiated a significant purge targeting channels and content associated with data breaches.
Telegram’s dominance in the data trading sphere isn’t solely due to effortless user authentication; its function as a central hub for communication naturally draws a massive user base. The simple math is this: greater user density equates to increased leakage instances.
Concurrently, experts emphasize that Telegram represents only the visible aspect of a larger problem. Roughly 26% of the data sets during the same timeframe surfaced within the dark web and private forums, venues where technical specifics of assaults, system configurations, and screenshots of compromised conversations are revealed. An additional 2% of leaks are traceable to the websites operated by malware producers, while the foundational stages of preparation and intelligence gathering persist within the clandestine sectors of the darknet.
About the Author
