Security researcher Dhiraj Mishra discovered a vulnerability in the Secret Chat feature on Telegram 7.3 where self-destructing media is not deleted from recipients’ devices. Mishra also discovered that Telegram was storing user’s local passcodes to unlock the app in plain text to access the app. The bug is particularly concerning for users who may be sending very sensitive video to other Telgrams users under the expectation that the app will automatically remove them after a set time. Telegram has fixed a security bounty of $3,000 from the company.
Source: https://www.bleepingcomputer.com/news/security/telegram-privacy-feature-failed-to-delete-self-destructing-video-files/