Telegram’s Dark Trade: Unpacking Brazil’s Data Leak Surge
Resumo
The exploitation of leaked personally identifiable information (PII) has become a key enabler of social engineering attacks. While dark markets are commonly associated to traditional dark Web forums, Telegram emerges as an easy-to-use meeting place for users and vendors. This study investigates a specific ecosystem within Telegram known as ”Pull Groups” (PG), where large amounts of sensitive personal data are requested and shared. During a six-month monitoring period, we systematically collected and analyzed data, extracting more than 12 million PII records. To assess the potential impact of this exposure, we propose the Leak Exposure Index (LEI), which combines the leak volume with he group size to highlight high-risk environments. Our findings show that a small set of groups are responsible for the majority of leaked data, underlining the need for countermeasures and informed risk assessment strategies. This is also a call for public awareness of this threat.
Referências
Folha de S.Paulo (2025). Financial scam losses surpassed $1.7 billion last year, says banking federation. [link]. Last accessed 08 April 2025.
Fórum Brasileiro de Segurança Pública (2024). Anuário Brasileiro de Segurança Pública 2024. Fórum Brasileiro de Segurança Pública, São Paulo, 18 edition.
Garkava, T., Moneva, A., and Leukfeldt, E. R. (2024). Stolen data markets on telegram: a crime script analysis and situational crime prevention measures. Trends in Organized Crime.
Georgoulias, D., Yaben, R., and Vasilomanolakis, E. (2023). Cheaper than you thought? a dive into the darkweb market of cyber-crime products. In Proceedings of the 18th International Conference on Availability, Reliability and Security, ARES ’23, New York, NY, USA. Association for Computing Machinery.
Júnior, M., Melo, P., Kansaon, D., Mafra, V., Sá, K., and Benevenuto, F. (2022). Telegram monitor: Monitoring brazilian political groups and channels on telegram. In Proceedings of the 33rd ACM Conference on Hypertext and Social Media, pages 228–231. ACM.
Kayser, C. S., Back, S., and Toro-Alvarez, M. M. (2024). Identity theft: The importance of prosecuting on behalf of victims. Laws, 13(6).
Liu, Y., Lin, F. Y., Ahmad-Post, Z., Ebrahimi, M., Zhang, N., Hu, J. L., Xin, J., Li, W., and Chen, H. (2020). Identifying, collecting, and monitoring personally identifiable information: From the dark web to the surface web. In 2020 IEEE International Conference on Intelligence and Security Informatics (ISI), pages 1–6.
Maia, L. R. H., Massarani, L., Santos, M. A. D., and Oliveira, T. (2024). Comunidades de pertencimento, desinformação e antagonismo: processos interacionais em grupos antivacina no telegram no brasil. Galáxia (São Paulo), 49:e64635.
McCallister, E., Grance, T., and Scarfone, K. (2010). Guide to protecting the confidentiality of personally identifiable information. Diane Publishing. NIST Special Publication 800-122.
Santini, R. M., Salles, D., Mattos, B., Moreira, A., Mello, D., Haddad, J. G., Dias, B., Gomes, M., Dau, E., Borges, A., and Loureiro, F. (2025). Danos causados pela publicidade enganosa na meta: Anúncios fraudulentos promovem desinformação sobre o pix para lesar cidadãos brasileiros. NetLab – Laboratório de Estudos de Internet e Redes Sociais, Universidade Federal do Rio de Janeiro (UFRJ).
