Hacker Retracts Claim of Massive Max Messenger Breach

Overview

• In a hacker forum post, the anonymous author said his earlier statement about a database was wrong and that no such database exists.
• He added that no large-scale hack occurred and that subsequent checks did not reveal critical vulnerabilities.
• Max had already called the reports fake, asserting that all service data are stored on Russian servers and not on Amazon Web Services.
• The company said log reviews showed no suspicious activity, it received no relevant bug‑bounty reports, and it does not use bcrypt or store the personal fields cited in the rumor.
• The initial claim spread through Telegram channels and alleged a leak affecting more than 15 million users, including State Duma deputy Nikolay Brykin.