Cyber Incident Victim: MTN Irancell

Date: Jul 2016

Location: Iran

Summary

A major Iranian mobile operator experienced a significant data exposure when a Telegram bot provided unauthorized access to personal information of approximately 20 million subscribers. The bot, active for roughly 20 hours, enabled retrieval of sensitive details including names, addresses, national identification codes, and contact numbers using phone numbers. Reports indicated the data originated from a prior breach and had been circulated among advertisers. Independent verification confirmed the bot's functionality, highlighting risks of identity theft, financial fraud, and targeted scams due to the public availability of such comprehensive personal records.

Description

On July 1, 2016, a Telegram bot named @MTNProBot appeared on the messaging platform, enabling public access to sensitive personal data belonging to approximately 20 million subscribers of MTN Irancell, Iran's second-largest mobile operator. The bot functioned by allowing any user to input a phone number, which would then return extensive personal details including first and last names, addresses, national identification codes, landline numbers, postal codes, and city of residence. Iranian news agency Fars reported the incident, noting the bot remained operational for approximately 20 hours before being blocked by authorities. Mohammad Reza Farnaqizad, spokesperson for Iran's ICT Ministry, confirmed the bot's takedown within hours of its discovery. Iranian hackers had identified a separate Telegram vulnerability involving anonymous messaging weeks earlier, but officials indicated the two events were unrelated.

Investigations revealed the leaked data originated from a breach of MTN Irancell's systems three years prior to the incident, with initial reports suggesting the stolen information had been circulating among advertisers before being weaponized through the Telegram bot. Iranian technology blog TechRasa verified the bot's functionality by testing it with legitimate Irancell phone numbers, confirming it returned accurate subscriber details. The public availability of national identification codes and residential addresses raised significant concerns about potential follow-on crimes, including bank fraud and identity theft. While the bot's creator and motives remained unidentified in available reports, the incident highlighted systemic data protection failures given the age and scale of the compromised records. No statements from MTN Irancell regarding remediation efforts or customer notifications were documented in the immediate aftermath of the exposure.
