A Telegram-related compilation named “Telegram 1 Billion” has been indexed with 1,572,230 records tied to emails, names, phone numbers, usernames and Telegram identifiers, with a listed breach date of July 1, 2024 (leaksear.ch metadata). The dataset is described as an aggregated multi-source package scraped from public channels, contact-list dumps and CRM-style exports, not as a confirmed compromise of Telegram’s core systems (leaksear.ch metadata).
What happened
The leaksear.ch metadata describes this leak as a mid-2024 aggregated compilation of Telegram user IDs, usernames, display names and phone numbers drawn from multiple source types, including public channel scraping, contact-list dumps and CRM-style exports (leaksear.ch metadata). The available metadata does not identify a single intruder, ransomware group, exposed database, or Telegram server compromise.
Public reporting on other Telegram-labeled datasets shows why that distinction matters. Cybernews reported a separate leak-forum post claiming more than 200 million Telegram user records, while noting uncertainty over whether the data represented a new breach or a collection of previously scraped or stolen details; Telegram told Cybernews the records appeared to result from contact importing and did not expose private user data (cybernews.com).
A separate 2024 incident indexed by Have I Been Pwned involved combolists posted to Telegram channels, not a Telegram account database: HIBP listed 361.5 million affected accounts, and Troy Hunt wrote that the 122GB set contained 1.7k files with 2 billion lines and 361 million unique email addresses sourced from existing combolists and infostealer malware (haveibeenpwned.com, www.troyhunt.com).
What data was exposed
The indexed leak includes searchable pivots for email, name, phone and username (leaksear.ch metadata). Records also contain contact_owner_id, last_seen, source_format and telegram_id fields that are stored as context but are not listed as direct search pivots (leaksear.ch metadata).
In plain terms, this means the dataset can connect Telegram-style identifiers and usernames with names, phone numbers, emails and account-related metadata (leaksear.ch metadata). Telegram’s own FAQ notes that users can be found through public usernames and that phone-number visibility depends on privacy settings and whether another user already has the number saved (telegram.org).
Why this matters
A dataset that links Telegram IDs, usernames, names, phone numbers and emails can help attackers pivot between Telegram, SMS and email when crafting phishing or impersonation attempts. The risk is higher where a phone number or username can be tied to a real identity, workplace, public channel activity, or other breach data.
For individuals, the practical concern is targeted contact rather than account takeover by itself. Review Telegram username and phone-number privacy settings, be cautious of unsolicited Telegram or SMS messages that reference personal details, and check whether your email, name, phone number, or username appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include email, name, phone, and username.