Hacker Uses Telegram Chatbots to Leak Data of Major Indian Insurer, Star Health
The creator of the chatbots reportedly told a security researcher, who later informed Reuters, that private information of millions of individuals was for sale, with samples available through chatbot requests.
WASHINGTON/BENGALURU, Sept 20 (Reuters): Stolen customer data, including medical reports from India’s largest health insurer, Star Health, has been made publicly accessible through Telegram chatbots. This comes just weeks after Telegram's founder faced accusations of enabling criminal activities through the messaging app.
Star Health and Allied Insurance, valued at over $4 billion, confirmed to Reuters that it had reported the unauthorized data access to local authorities. The company stated that an initial investigation revealed "no widespread compromise" and assured that "sensitive customer data remains secure."
However, Reuters was able to access policy and claims documents through the chatbots, which included names, phone numbers, addresses, tax details, ID card copies, medical test results, and diagnoses.
The ability to create such chatbots has been one of the reasons behind Telegram’s massive growth, with 900 million monthly active users. Still, the arrest of Telegram’s Russian-born founder, Pavel Durov, in France last month has heightened scrutiny of the app’s moderation practices. Durov and Telegram have denied any wrongdoing and are addressing the concerns.
The incident with Star Health highlights the challenges faced by apps like Telegram in preventing malicious use of their platforms and underscores the difficulties Indian companies face in safeguarding their data.
Chatbots Linked to Data Leak: The Star Health chatbots, operational since at least August 6, are linked to a user alias "xenZen." According to UK-based security researcher Jason Parker, who posed as a buyer on a hacker forum, the chatbots' creator claims to possess 7.24 terabytes of data from over 31 million Star Health customers. While random samples are available for free through the chatbot, the entire dataset is being offered for sale.
Reuters could not independently verify these claims or how the data was obtained. In a message to Reuters, xenZen confirmed being in talks with buyers but did not disclose details.
How the Chatbots Work: Telegram allows individuals or organizations to store and share large volumes of data anonymously, and its chatbots automate the distribution of that content. Two chatbots are currently distributing Star Health data: one offers claim documents in PDF format, and the other delivers up to 20 data samples at a time, including policy numbers, names, and body mass index.
Documents obtained by Reuters included medical records of a one-year-old child in Kerala, along with diagnosis details, blood test results, and a hospital bill. The child’s father, Sandeep TS, confirmed the authenticity of the documents and expressed concern, noting that Star Health had not informed him of any data breach. Another policyholder, Pankaj Subhash Malhotra, confirmed his leaked ultrasound results and ID copies, stating he had also received no notification of the breach.
Broader Implications: The Star Health chatbot incident is part of a wider trend where hackers use Telegram to sell stolen data. According to a 2022 NordVPN survey, India accounted for 12% of the five million people affected by data sold via chatbots.
"Telegram’s ease of use makes it a natural storefront for criminals," said NordVPN cybersecurity expert Adrianus Warmenhoven. "It has become a simpler method for interacting with stolen data."