In a recent interview with right-wing personality Tucker Carlson, Telegram's founder Pavel Durov sparked concerns over the company's security practices. During the interview, Durov claimed to be the only product manager at the company, with a team of approximately 30 engineers. However, security experts argue that this revelation poses a red flag for users.

Critics highlight Telegram's lack of default end-to-end encryption for chats as a major security flaw. Unlike messaging apps like Signal or WhatsApp, which offer automatic encryption, Telegram users must initiate a "Secret Chat" to enable end-to-end encryption. This means that without such encryption, users' communications are potentially vulnerable to interception and monitoring.

Furthermore, doubts have been cast over the quality of Telegram's encryption as the company employs its proprietary encryption algorithm, developed by Durov's brother. Experts argue that relying on proprietary encryption raises concerns about the level of security provided by the messaging platform.

Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, emphasized that Telegram is not just a messaging app but also a social media platform. This means it holds a significant amount of user data, including the contents of non-end-to-end encrypted communications. Galperin expressed concerns about Telegram's limited staffing, stating that with only 30 engineers, the company may struggle to handle legal requests, abuse reports, and content moderation effectively.

Galperin further highlighted the potential risks that an understaffed and overworked team poses to Telegram's cybersecurity. She argued that from a threat actor's perspective, a small team could be seen as encouraging news, as it may be easier to exploit the platform's vulnerabilities and gain unauthorized access to user data.

Experts stress that with just a small team, Telegram may not be well-equipped to combat hackers, especially those backed by governments. The absence of privacy or compliance professionals and the lack of third-party audits further dampen confidence in the platform's security measures.

Despite the concerns raised, Telegram has not responded to requests for comment on whether the company has a chief security officer or the number of engineers dedicated to securing the platform. This lack of transparency contributes to the growing skepticism surrounding Telegram's security practices.

Given Telegram's claim to have nearly one billion users, it becomes an attractive target for hackers, both criminal and government-affiliated. Security experts have long cautioned against viewing Telegram as a completely secure messaging app, and Durov's recent statements only exacerbate these concerns.

As cybersecurity becomes increasingly important, industry experts argue that companies, including those as prominent as Telegram, should allocate more resources towards securing their platforms to protect user data effectively. With such a small team dedicated to cybersecurity, Telegram's ability to safeguard user information remains uncertain.