Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1880+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Hackers Hijack Russian Journalist Sobchak's Telegram Channels via Email Breach, Claim 350 GB Stolen
Hackers Hijack Russian Journalist Sobchak's Telegram Channels via Email Breach, Claim 350 GB Stolen
NEWS

Hackers Hijack Russian Journalist Sobchak's Telegram Channels via Email Breach, Claim 350 GB Stolen

Hacker group Black Mirror compromised Ksenia Sobchak's email account and used it to seize two of her Telegram channels with 1.5 million combined subscribers, then published alleged private correspondence with Kremlin officials and claimed to have 350 GB of data for sale.

Dylan H.

News Desk

July 13, 2026
4 min read

On July 8, 2026, hackers compromised the email account of Ksenia Sobchak — prominent Russian journalist, television personality, and media executive — and used that access to briefly seize control of two of her high-profile Telegram channels. The group responsible, Black Mirror, alongside the anonymous Telegram project VChK-OGPU, then published what they claim is private correspondence revealing the inner mechanics of Kremlin media control.

The Attack: Email to Telegram Takeover

The attack chain was straightforward but effective:

  1. Attackers compromised Sobchak's email account through an undisclosed method
  2. Her Telegram channels were linked to that email address
  3. Email access was used to seize control of two channels:
    • Krovavaya Barynya (Bloody Lady) — 1.14 million subscribers
    • Sobchak — 372,000 subscribers
  4. Sobchak's team regained control of both channels within approximately three hours

The attack illustrates a critical and often overlooked risk: email accounts serve as a master key to any service linked to them, including messaging platforms like Telegram. Even with Telegram's own security measures, a compromised linked email can enable channel hijacking.

What Was Published

After the brief channel takeover, Black Mirror and VChK-OGPU published screenshots of alleged private correspondence, voice messages, and internal communications. The group claims to possess more than 350 GB of Sobchak's data spanning 2015 to 2026, which they are offering for sale.

The alleged leaked materials include:

  • Correspondence between Sobchak and Kremlin media figures purportedly revealing censorship coordination
  • Internal communications related to Russian state media handling of a June 18, 2026 Ukrainian drone attack on Moscow
  • Alleged exchanges with Sergey Titov, editor-in-chief of Ostorozhno Novosti
  • Alleged messages with Kristina Potupchik, described as the Kremlin's primary Telegram contractor
  • Alleged March 2022 messages and phone calls with Andriy Yermak, Zelensky's then-chief of staff — at the start of Russia's full-scale invasion of Ukraine

Sobchak categorically denied the authenticity of all published materials, characterizing them as fabrications designed to discredit her and her media project.

Who Is Black Mirror?

Black Mirror has been active since at least 2019 and specializes in targeting Russian state-connected individuals. The group's known prior operations include publishing the forensic autopsy report and morgue photographs of Alexei Navalny in spring 2026. Their business model centers on stealing and monetizing personal data via Telegram — they claim to delete sold data after a transaction completes.

Political Fallout

The leak was politically explosive in Russia. Meduza, the independent Russian-language outlet, noted that if the materials are authentic, they "vividly illustrate the mechanics of power and censorship in today's Russia." Pro-Kremlin commentator Yevgeny Solovyov accused Sobchak and her mother, Senator Lyudmila Narusova, of "betrayal" and acting in the interests of foreign intelligence services.

The allegations that Sobchak had private communications with a senior Ukrainian official at the start of the full-scale invasion — if authenticated — would represent a significant domestic political crisis for her. The authenticity dispute remains unresolved, and experts have not independently verified the materials.

Security Takeaways

This incident demonstrates several recurring patterns in high-profile account takeovers:

Email is the skeleton key. Any account linked to a compromised email address — social media, messaging platforms, cloud services — is at risk. High-profile individuals and organizations should use dedicated, isolated email accounts for linking critical services.

Social media amplification is instant. With 1.5 million combined subscribers across two channels, attackers had a massive immediate audience for whatever content they chose to publish or the political narrative they chose to advance.

Data monetization is the end game. Black Mirror's model — breach, extract, sell — is increasingly common. The 350 GB figure, if accurate, represents a multi-year archive of personal and professional communications.

Platform response time matters. Regaining channel control in approximately three hours limited the attackers' window to post content, but the damage — publication of alleged private correspondence — was done before access was restored.

References

  • The Record — Sobchak Telegram Hack Coverage
  • Meduza — Hackers Publish Alleged Sobchak Correspondence
  • Meduza — Initial Channel Hijacking Report
#Data Breach#Russia#Telegram#Account Takeover#Hacktivism

Related Articles

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

Ukraine's SSU and the FBI have exposed a sustained Russian intelligence campaign using fake support SMS messages to steal Signal, WhatsApp, and Telegram...

5 min read

PhantomCore Exploits TrueConf Vulnerabilities to Breach

Pro-Ukrainian hacktivist group PhantomCore has been attributed to a sustained campaign targeting TrueConf video conferencing servers across Russia since...

5 min read

Medusa Ransomware Exploits Zero-Days to Deploy Ransomware

Microsoft has raised the alarm over Medusa ransomware's unprecedented operational speed, with the group now exploiting zero-day vulnerabilities before...

5 min read
Back to all News