Recently, in practice you need to use a second factor (Telegram originally only used one factor, your phone number, which was verified by sending a message or calling it.)
Someone added two clients while I was asleep around new year.
I kicked them out and threw in a password and they tried again (unsuccessfully :) next night.
Meanwhile, way bigger leaks has happened from WhatsApp over the years.
If security is important to you, use something that is made for security, like Signal or Matrix, not "good enough call it secure" like Telegram or "how much data can we get away with stealing" like any Meta product.
Someone added two clients while I was asleep around new year.
I kicked them out and threw in a password and they tried again (unsuccessfully :) next night.
Meanwhile, way bigger leaks has happened from WhatsApp over the years.
If security is important to you, use something that is made for security, like Signal or Matrix, not "good enough call it secure" like Telegram or "how much data can we get away with stealing" like any Meta product.