Post cover image
One public string, three documented API calls, live target

June 1, 2026

What a Leaked Telegram Bot Token Actually Exposes

A leaked Telegram bot token isn’t just a credential to rotate. It’s a live window into the traffic, the groups, and the server behind it…

Dzianis Skliar

4 min read

A leaked Telegram bot token isn't just a credential to rotate. It's a live window into the traffic, the groups, and the server behind it. Here's the recon, and what defenders keep missing.

Most leaked secrets are doors. You find the key, you open the door, you're in. A Telegram bot token is something else. It's a window you can keep looking through, and while running a GitHub scan, that window turned out to be everywhere.

The most common live secret I confirmed wasn't an AWS key or a database password. It was Telegram bot tokens, over a thousand of them, still working. So pick one. A token sitting in a public repo, committed by someone who almost certainly forgot it was there. With nothing but that string and Telegram's own public API, here's what it gives up in under a minute.

This is the first piece in a series on offensive OSINT: taking the things people leave in public and showing you the attack surface behind them. A leaked token is a perfect place to start, because it self-describes.

None

The token tells you what it can do

The Bot API is just a set of HTTPS endpoints. The token goes straight into the URL, and the first call you make, getMe, hands back the bot's identity and, more usefully, its permissions.

You learn whether the bot can join groups. Whether it supports inline mode. And the one that matters most: whether privacy mode is off.

Privacy mode is the setting that determines how much a bot can see in a group chat. With it on, the bot only sees messages addressed to it. With it off, it sees everything: every message, from everyone, in every group it sits in.

Defender note: a leaked token for a privacy-off bot isn't a leaked credential. It's a leaked feed of those conversations. Anyone holding the string can read what the group is saying.

None

getUpdates turns it into a live channel

Here's where a bot token differs from other secrets. Most credentials give you access. This one gives you the stream.

getUpdates returns the messages queued for the bot: who's been talking to it and what they're sending. If the bot relays support tickets, order notifications, alerts, or one-time codes, that's what comes back. And because the channel runs both ways, whoever holds the token can also send as the bot, to the same users who trust it.

Defender note: ask what your bot actually carries. If the answer is "anything sensitive," the token is no longer a config value. It's the conversation itself.

getWebhookInfo is the pivot into infrastructure

This is the part that turns a bot into recon, and it's the heart of why this is OSINT and not just credential abuse.

A bot receives updates in one of two ways. It either polls Telegram or Telegram pushes updates to a webhook, a URL the developer set up to catch them. One more call, getWebhookInfo, hands you that URL.

That URL is the address of the server running the application behind the bot. In the dataset, every active webhook gave up a host, and every one gave up an IP address. Many also revealed the platform underneath: Koyeb, Render, Railway, and a Cloudflare tunnel. PaaS providers are the kind of place a small project deploys to in a few clicks.

So follow the chain. You started with a string in a public repo. One call later, you have the live, public-facing infrastructure address of the thing it powers. That's the whole offensive-OSINT move in one step: a forgotten artefact becomes an attack surface.

Defender note: the webhook URL is effectively a map to your backend. Treat the token as exposed, because it is.

This isn't one unlucky repo

It's tempting to read all this as the work of one careless developer. It isn't. Across the confirmed live tokens, the pattern holds at scale:

Roughly three in four bots could join groups.

29 had privacy mode off, quietly readable feeds of whatever groups they're in.

257 ran active webhooks, and every one of them exposed where it was hosted, down to the IP address.

One didn't even use HTTPS.

None

Multiply that by a thousand. What you're looking at isn't a single bug. It's a systemic exposure that public OSINT is enough to map. No exploit, no access, you weren't handed.

What to actually do

The fixes are unglamorous, and they all sit on your side of the fence:

Treat the token as a live secret with a blast radius, not a config string. If it leaks, rotate it through BotFather immediately, and the old token dies the moment you do.

Leave privacy mode on unless the bot has a real reason to read every message.

Scope the bot down. A bot that can join any group and read everything is a bigger window than most projects need.

Scan your own repos and CI history before someone else does. The token you committed two years ago is still working.

The disclosure gap

Here's the uncomfortable close. There's no clean way to disclose this at scale.

Telegram has no mechanism to warn a thousand repo owners. Most of these projects have no security contact, no vulnerability disclosure program, and no inbox that would read a heads-up. So the exposure just sits there, public, live, and quietly readable, which is exactly what makes it offensive OSINT rather than a vuln report.

That's the part worth sitting with. The fix never depended on anyone disclosing anything. It depended on the token not being there in the first place and on you finding it before someone else runs the same scan.