18.07.2023
4 min
2691
If you have lost access to your Telegram account, there are several ways to recover it. This article will help you step by step to regain access to the messenger, explain what to do if you lose your phone or number, and how to protect your account from further threats. Learn detailed security recommendations and tips to avoid losing access in the future.
Some Telegram users are facing the fact that their accounts are falling victim to attackers.
Does this mean that Telegram’s encryption protocols are not secure enough? How and why can fraudsters hack user accounts? What to do if your Telegram account has been hacked? How to protect your account from possible attacks?
We have prepared for you the most complete and detailed guide on recovering a hacked Telegram account and tips for protecting it from future threats.
In case of hacking of the Telegram account, the further fate of the account depends on how correctly and carefully the actions are performed. It is important to act not only quickly, but also thoughtfully. Often, when faced with a hack, users panic and delete the Telegram application from their devices, mistakenly believing that this will solve the problem. This article explains why such a step will not help, and provides recommendations on how to properly act in such situations.
Take your time.
Read this article carefully. Read all of its points: even those that do not apply to your specific situation.
If you still have questions, go to the Telegram Info Chat group and ask the experienced users.
If you think your account has been hacked, here’s what you need to do:
Make sure the account is really hacked.
Deny attackers access to the account.
Protect your account from future hacks.
If you see that the account of one of your friends or acquaintances has been hacked, please do the following:
Notify the victim that their account has been compromised. Try to do it not in Telegram, but in some other way.
Send her a link to this article.
Be prepared to submit a complaint about the hacked account. Please do not do this until the actual account owner asks you to!
Your account is probably hacked if you observe any of the following signs (or several at once):
A message is received from the Telegram work account about a new successful authorization on an unknown device, although no new logins have been made.
Other users start receiving messages in private chats that they did not send, asking them to transfer funds or to follow a suspicious link. Attackers can delete these messages after sending.
New groups and channels appear in the chat list, despite privacy settings that prohibit adding to new groups and channels.
The name, avatar or text in the “About” field is changed without the participation of the account owner.
Unknown devices appear in the list of active sessions.
The account is unexpectedly logged out of all devices, and there are difficulties when trying to log in.
It depends on the exact situation in your account:
You are signed in to your account on one of your devices.
You are not signed in to your account on any of your devices.
If you have a device signed in to your account, do the following:
Open the list of devices on which you are logged in: on a PC – “Settings › Privacy › Active sessions”, in mobile applications – “Settings › Devices”.
Click the “End all other sessions” button.
Verify that the application did not display an error message and that other sessions did indeed terminate.
If you’re using a Windows or MacOS PC: Sign in to your account on a mobile device (Android or iPhone). Log out of your computer. This is important.
Protect your account from future hacks.
If when you try to end other sessions, you get the message: “Ending sessions from a new device is not available for security. Please use the device where you previously signed in, or try again in a few hours”, which means that the account was signed in less than 24 hours ago and other sessions cannot be completed.
This feature of Telegram may seem illogical, but during the first 24 hours after logging in, it is impossible to end other sessions. During this time, you can see attackers sending malicious messages to your contacts, adding porn channels or deleting chats. During this period, it is important not to reveal your presence, as attackers can kick you out of your account, and you cannot. Therefore, it is worth behaving inconspicuously and waiting for the end of 24 hours.
Unfortunately, even then, attackers can still easily detect that you’re logged into your account and forcibly log you out.
And here’s what not to do:
Signing out of your account in the hope that this will somehow stop the attackers. It won’t hurt, but on the contrary, it will help: you will save yourself the old session, and with it, the opportunity to expel fraudsters from your account.
Uninstall the Telegram app from your device. This will also make it easier for fraudsters.
Send all your contacts a message like “Don’t transfer money or follow the link, it’s not me, I’ve been hacked!” until the remaining sessions are completed. Attackers will be able to see them, understand that you are in the account, delete your messages, and immediately kick you out of the account.
If your account is hacked and you don’t have any signed-in devices, here’s what to do:
Sign in to your account.
Stay in it for 24 hours without revealing your presence
Terminate the attackers’ sessions.
If your account has not previously been converted to email authorization by the Telegram platform, please note the following:
If there is no access to the SIM card with the phone number linked to the account, there is almost no chance of regaining access. Telegram will not allow you to enter the account without receiving an authorization code for the linked phone number. No other methods—knowing the cloud password, accessing e-mail, or contacting the mobile operator—will help. The only confirmation of ownership of a Telegram account is the ability to receive a code to the specified phone number.
The account can only be accessed via a mobile device, as a call or SMS login code can only be requested from a mobile phone.
When you try to log in to your account, you may find yourself in one or more of the following situations:
You will be able to log into your account immediately.
You will be able to log into the account, but soon you will be forced to log out.
A login code will be sent to the other device.
A login code will be sent to someone else’s email.
The program will ask for a cloud password that is unknown.
Failed to log in due to too many login attempts.
The program will prompt you to create a new account.
The program will inform you that the phone number is blocked.
Let’s consider all these situations in more detail.
If you are successfully logged in, you should immediately go to Settings › Privacy › Active Sessions and check whether there are any unfamiliar devices or computers among your active sessions. If there are none, it means that the attack may have been stopped and now you should take care of additional account protection.
If there are unfamiliar devices among the active sessions, it is too early to rejoice, because in the near future it will not be possible to completely prevent the actions of intruders.
If your account is signed in on an attacker’s device, they will receive a notification as soon as you sign in to your account. If their session has been around for more than 24 hours (which they most likely have), then they can easily log you out. In this case, you will have to make a difficult choice:
If saving account data (chats and contacts) is more important than blocking attackers immediately, you can continue to try to log in. However, you should not do this too often, as Telegram may stop sending login codes or temporarily block login attempts. Sometimes attackers may not notice an account login if it is done in the middle of the night, although this option is unlikely, as hacked accounts are usually monitored by programs that run 24/7. There is a chance that Telegram itself will detect suspicious activity and forcibly terminate all sessions, allowing you to log in without interference.
If it is important to stop sending malicious messages as soon as possible, you can try to delete the account immediately after logging in. However, all chats and contacts will be lost forever, and groups and channels where the account was the owner will remain without an owner.
To delete an account, you must:
Open the link https://my.telegram.org/deactivate in the browser.
Enter your phone number in the field “Your Phone Number.”
Get the authorization code from the official Telegram account, copy it and enter it in the “Confirmation code” field.
Make sure that the correct phone number is entered on the next page and click “Delete My Account”.
In this case, you need to click the “Send code via SMS” button at the bottom of the screen. If it is not there, wait a few minutes without leaving the login screen, and it will appear. Then two options are possible:
The program informs that an SMS with a code has been sent or that Telegram is calling to dictate the code. In this case, you need to wait for an SMS or a call, receive the code and enter it on the authorization screen. If the code has not arrived, you can use additional recommendations, such as checking the communication settings or referring to the corresponding article on what to do in the absence of an authorization code.
If the message “If you did not receive a call or SMS with a code, check your cellular settings and the number you entered” appears, as well as the “Help”, “Other number” and “Close” buttons, this may indicate that that Telegram does not want to send a code to the device from which the login is attempted. In this case, you can try to install the application on another device or wait a few hours and try to log in again.
This means that the attackers have already added their email to receive one-time account access codes. In this case, you need to click “Reset mail” and choose: either wait 7 days to reset it, or get a paid Telegram Premium subscription to reset mail immediately. It is important to note that even after the mail is reset, the attackers can remain in the account.
If the app asks for a cloud password and you don’t have one, this may indicate a forgotten password or a password change by attackers. You can use the function “Forgot your password?” and follow the instructions. If you don’t receive a reset code, your only option is to perform a full account reset after 7 days, deleting chats and contacts.
This means that there have been many attempts to log in to the account, and Telegram is temporarily blocking new attempts. It is best to wait a few hours or a day before trying again. Installing Telegram on another device can also help.
This indicates that the account has either been deleted or the associated phone number has been changed. You can try to recover your account by sending an email to [email protected] with a request to recover your account. If the number is changed by attackers, recovery is impossible.
If the account is blocked due to complaints, you need to use the “Help” button and send a letter to the Telegram address. After a few days, the number may be unblocked, but restoring the old account in this case is unlikely.
If it is not possible to restore access to the account and the attackers continue to deceive your friends and relatives, you can try to get the account blocked. Although this does not guarantee that access will be restored, but fraudsters will not be able to take advantage of your contacts’ money.
You can learn more about the process in the article “How to contact Telegram?” in the “Complaints” section. Friends who have received scam messages can forward them to the work account @notoscam or write an email to [email protected] with a description of the situation. The more such appeals there are, the more likely Telegram moderators will notice the problem and take action.
If fraudsters ask to transfer money, you can enter into correspondence, find out the card number and contact the bank with a corresponding complaint. This will not recover the account, but it can make life difficult for attackers.
There are several ways attackers can gain access to a Telegram account:
Criminals use manipulations so that the owner of the account himself provides the necessary data for access. Methods may include:
Offering a free Telegram Premium subscription or other benefits.
Requests to vote for someone or provide assistance.
Threatening to delete your account if you don’t follow a certain link.
It is important to be careful with such offers, even if they come from friends, as their accounts can also be hacked.
Attackers can convince a user to download a malicious file to a computer or phone. This file can steal an active Telegram session and transfer it to attackers without creating new sessions, so the user may not even know that the account has been accessed.
This is especially dangerous for the owners of large channels, because attackers can disguise their actions, and the victim will not see new sessions.
Sometimes attackers receive a duplicate of the user’s SIM card through the telecommunications operator and receive the code for entering Telegram. This happens rarely and mostly concerns public figures.
Although Telegram’s encryption protocols are reliable, breaches occur due to users’ own mistakes — clicking on malicious links or running dangerous files.
Two-factor authentication may not protect against session hijacking, when attackers use malware to steal an active Telegram session from a computer.
Sometimes users see strange activity in their account even though the devices listed are correct. This may indicate that attackers have access to the device itself and not to the Telegram account. In such cases, fraudsters can see your SMS and calls, receive login codes, or even control your mail program and banking applications.
Recommendations in such a situation:
Turn off the device.
Change all passwords for services used on this device.
Perform a full device scan for malware.
To reduce the risk of account theft to a minimum, follow these rules:
Do not click on suspicious links. If there is doubt about the reliability of the link, it is better not to open it.
Do not run suspicious files on your devices. If there is any doubt about the security of the file, do not open it.
Do not leave devices unattended so that attackers cannot see the authorization codes on the screen.
Avoid installing apps from unofficial sources, including any apps other than Telegram.
Do not Jailbreak your iPhone and do not root your Android, as this reduces the level of data protection.
Regularly scan devices with antivirus, especially Windows PCs and Android devices.
If you lose your device, log out of it immediately from another device.
Always log out of your Telegram account before selling or transferring your device to other users.
Never share one-time login codes or cloud passwords.
Protect your account with a cloud password in Settings › Privacy › Cloud password. Optionally, you can specify an email to reset your password, but this may reduce security if attackers gain access to your email.
Set a password on all Telegram applications for additional protection and encryption of data on the device.
Always read messages from official Telegram accounts, including the +42777 account, which informs about login attempts and other important events.
Many users are upset that Telegram support does not help to recover stolen accounts, but there are several reasons for this:
There is not enough data to identify the user. When you create a Telegram account, the only information the platform receives is your phone number. Therefore, even if the user tries to prove his identity, Telegram has nothing to compare the data provided to confirm the account owner.
Telegram does not have an office in Russia. The lack of a representative office in Russia and channels of interaction with local companies, including mobile operators, makes it impossible to check the documents confirming the ownership of the phone number. Even if you have a contract with a carrier, Telegram cannot verify its authenticity.
Telegram cannot restrict access or block an account upon request. Employees of the platform have no way to accurately determine whether the blocking request came from the real owner of the account or from an attacker, so they cannot take action.
Despite all this, it is still worth trying to ask for help through the official feedback form https://telegram.org/support. Although there is no guarantee that your request will be considered or fulfilled, there is a chance that the situation will be resolved.
