EXECUTIVE SUMMARY:

Recently, more than a dozen entrepreneurs’ accounts were hacked via the Telegram messaging app. The hack suggests a possible interception of user authentication codes, the one-time verification texts sent to mobile phones. It’s possible hackers were able to disrupt the normal operation of the app when users logged in from a new device, thus triggering the two-factor authentication.

It’s not clear how the attackers gained access to the code system. There was no evidence indicating the victims’ devices had been hacked. An even more serious possibility is that the mobile network was compromised. The firm suspects that the bad actors could have used the well-known compromise of the mobile network’s Signalling System No 7 (SS7) protocols.

SS7 is a part of the telecommunications infrastructure that shifts users between networks as they travel abroad and manages changes in charges when users cross different nations’ networks. Hackers have learned that by infiltrating mobile networks, they can intercept text messages and carry out other intrusions, including bank account thefts.

There’s another possibility, which is that the hacks stem from the sale of access to Telegram’s user information on the dark web. Hackers offer these services for around $4,000 per account. Researchers are continuing to investigate whether dark web advertisements for such hacking services and the recent hacks are linked.

To read more about the hack, see this Forbes article.