Two-factor authentication in Telegram still / again does not work

At the end of May of this year, I wrote Why two-factor authentication in Telegram does not work (with pictures).

Later, about a month after the publication, it happened to Sergey Parkhomenko - his account was hijacked in the described manner.

After that, it seems like Telegram has temporarily disabled the ability to delete profiles protected by two-factor authentication in the messenger by code from SMS .
')
About two weeks ago, I repeated my May experiment with hijacking a Telegram account with myself — and everything worked out again, just like last time .

In short, as of August 18, 2016, the attack on accounts protected by two-factor authentication again works successfully: an attacker who has access to the user's SMS can “reinstall” the account, and for this he does not need to know the password:



In the screenshot we see the result of the fact that the interlocutor hijacked the account protected by two-factor authentication, and wrote messages on his behalf.

That is, if that, two-factor authentication in the Telegram is currently not working.
Or again - if this opportunity was really turned off in June, or still - if no one did.