To anyone wondering the validity of his claim that he was "hacked," I would
seriously doubt it if I were you.
I'm pretty sure "Kero" got the idea for making it look like "muh iranian haxxors" by reading this article without reading the actual content.
https://www.wired.com/2016/08/hack-brief-hackers-breach-ultra-secure-messaging-app-telegram-iran/
It took place in 2016 in Iran and you needed access to the verification code sent via SMS. I don't even know what Kero is claiming from the hack exactly, all I know is he's saying that he WAS hacked. What, the Iranians went in and changed all of the messages or retroactively created messages in the database to frame yourself and a bunch of your dogfucking friends? None of this makes a bit of sense and I have found no evidence of recent Telegram hacks, especially nothing in the way of login information (which is probably hashed and salted anyway). Obviously, I've seen nothing at all targeting Americans either. Just some hack in Iran. This would either mean:
1) Someone bruteforced their way in by repeatedly connecting and sending login requests to the server, which would not only be impossibly time consuming but would also probably trigger a lockout after too many requests
2) Kero fell for some sort of phishing/trojan thing which is beyond unlikely since android software is curated by the google play store to prevent fakes and fraudulent shit like this
3) Kero is a fucking moron and told an Iranian his telegram login credentials for some reason and turned off/failed to use 2-factor-authentication
The only potential vulnerabilities I've learned or read about have nothing to do with account theft/login vulnerabilities, and it's all potential vulnerabilities in MTProto, which is their encryption scheme for encrypting messages. As far as I know, if this were to be hacked, all it means is that now your ISP or the NSA or whatever could read the content of your messages and now they're no longer really private.
I like that he went the "hacked" route. It's such a bullshit excuse by scared guilty people as some last ditch effort to get out of trouble. The far better excuse would have just been the "Shaggy excuse" aka "it wasn't me!" That one actually holds a lot more plausibility. "Muh hax" always smells like utter bullshit from 50 fuckin miles away.
EDIT: Telegram has been largely blocked in Iran for quite a while
https://en.wikipedia.org/wiki/Telegram_(service)#Censorship
which means this was very likely a VPN and not an actual Iranian ISP. But we already knew that.
