A hacker has used Telegram chatbots to leak the data and private details of millions of Star Health Insurance customers. The data is accessible and purchasable through these bots.
According to a Reuters report, the stolen customer data from Star Health, India’s largest health insurer, includes medical reports. It is available on Telegram, a platform that has recently come under scrutiny after its founder faced accusations of facilitating criminal activities. The creator of these chatbots told a security researcher, who then informed Reuters, that these private details were up for sale, with samples viewable upon request.
Star Health and Allied Insurance, which has a market cap of over $4 billion, acknowledged the unauthorized data access in a statement to Reuters and reported the incident to local authorities. Its preliminary assessment indicated no widespread compromise, and it asserted that sensitive customer data remains secure.
Using these chatbots, Reuters downloaded documents, including policy details, phone numbers, addresses, tax information, ID copies, test results, and medical diagnoses.
The feature to create chatbots has been pivotal in helping Telegram, based in Dubai, grow to 900 million active monthly users.
However, the recent arrest in France of Telegram’s Russian-born founder, Pavel Durov, has intensified scrutiny over the app’s content moderation. Durov and Telegram have denied any wrongdoing and are addressing these criticisms.
This incident with Telegram chatbots selling stolen data underlines the app’s challenges in preventing misuse of its technology and highlights the broader issues Indian companies face in safeguarding their data.
According to UK-based security researcher Jason Parker, the chatbots, identified as “by xenZen,” have been active since at least August 6. On an online hacker forum, Parker engaged with a user named xenZen, who claimed to have created the chatbots and to possess 7.24 terabytes of data on over 31 million Star Health customers. The data is free in pieces or can be purchased in bulk via the chatbot.
Reuters could not independently verify xenZen’s claims or determine how the data was obtained. xenZen communicated via email about being in discussions with potential buyers.
After testing, Reuters found the chatbots labelled “SCAM” following user reports. After Telegram was notified on September 16, the chatbots were taken down within 24 hours, according to Telegram spokesperson Remi Vaughn, who also requested notification of any new appearances.
Impact and Response to the Security Breach
Star Health reported an unauthorized data access claim to the Tamil Nadu cybercrime department and the federal cyber security agency, CERT-In, on August 13. The company reassured its customers and partners of its commitment to privacy.
In an August 14 stock exchange filing, Star Health disclosed an investigation into an alleged breach of some claims data.
Representatives for CERT-In and the Tamil Nadu cybercrime department have not yet responded to requests for comment.
Telegram’s ability to store and share large amounts of data anonymously and its customizable chatbots, which deliver content based on user requests, played a role in this data breach. Two chatbots specifically distributed Star Health data; one provided claim documents in PDF, and another allowed up to 20 data samples per request, including detailed personal information.
Among the leaked documents were medical records of a policyholder’s daughter and another policyholder’s claim details, including medical tests and ID copies. Both policyholders confirmed the authenticity of the documents to Reuters and expressed concern over the breach, noting that Star Health had not notified them.
This incident is part of a larger pattern of hackers using such methods to distribute stolen data. According to a NordVPN survey at the end of 2022, India had the highest proportion of victims whose data was sold through chatbots, representing 12% of the global total.