Data Breach: Hackers Use Telegram Bots to Leak Star Health’s Information

Stolen customer data, including medical records from India’s largest health insurer, Star Health, has been made publicly accessible through Telegram chatbots, shortly after accusations were made against the app’s founder for enabling criminal activities. The alleged creator of the chatbots informed a security researcher, who notified Reuters, that personal information of millions is available for sale, with samples viewable upon request.

Star Health and Allied Insurance, valued at over $4 billion, reported the unauthorized data access to local authorities, stating that an initial assessment found “no widespread compromise” and that “sensitive customer data remains secure.”

However, using the chatbots, Reuters was able to download policy documents containing names, phone numbers, addresses, tax information, ID copies, medical test results, and diagnoses.

The rise of Telegram’s chatbot feature has contributed to the growth of the app, which boasts 900 million monthly active users. However, scrutiny has intensified following the recent arrest of its founder, Pavel Durov, which raised concerns about the app’s content moderation and potential for misuse.

The Star Health chatbots, identified as being “by xenZen,” have reportedly been operational since at least August 6, according to UK-based security researcher Jason Parker.

On an online hacker forum, Parker engaged with a user named xenZen, who claimed to have created the chatbots and to possess 7.24 terabytes of data on over 31 million Star Health customers. The data can be accessed piecemeal for free or purchased in bulk. Reuters could not independently verify xenZen’s claims or how the data was acquired, but the creator indicated ongoing discussions with interested buyers.

Taken Down:

In testing the chatbots, Reuters downloaded over 1,500 files, with some documents dated as recently as July 2024. One of the bots warned users, “If this bot gets taken down, watch out; another one will be available in a few hours.”

The chatbots were later labeled as “SCAM” due to user reports of suspicious activity. After Reuters notified Telegram on September 16, spokesperson Remi Vaughn confirmed that the bots were taken down within 24 hours and requested to be informed of any new instances. Vaughn added, “The sharing of private information on Telegram is expressly forbidden and removed when found. Moderators use proactive monitoring, AI tools, and user reports to eliminate millions of harmful content pieces daily.”

Despite this, new chatbots offering Star Health data quickly emerged. Star Health reported that an unknown individual contacted them on August 13, claiming to have accessed some of their data. The insurer has since alerted the cybercrime department in Tamil Nadu and the federal cybersecurity agency CERT-In.

In its statement, Star Health emphasized that the unauthorized acquisition and distribution of customer data is illegal and that they are cooperating with law enforcement to combat this issue. The company reassured customers and partners that their privacy is a top priority. In an August 14 stock exchange filing, Star Health noted it was investigating an alleged breach involving “a few claims data.” Representatives from CERT-In and the Tamil Nadu cybercrime department did not respond to requests for comment.

Unaware:

Telegram enables users and organizations to store and share vast amounts of data anonymously and create customizable chatbots that deliver content based on user requests.

Two chatbots are currently distributing data from Star Health. One provides claim documents in PDF format, while the other allows users to request up to 20 samples from a dataset of 31.2 million records with a single click, revealing details like policy numbers, names, and even body mass index.

Among the documents obtained by Reuters were records concerning the treatment of a one-year-old daughter of policyholder Sandeep TS at a hospital in Kerala, including diagnosis, blood test results, medical history, and a bill totaling nearly 15,000 rupees ($179). “It sounds concerning. Do you know how this can affect me?” Sandeep said, confirming the authenticity of the documents. He noted that Star Health had not informed him about any data leak.

The chatbot also leaked a claim from policyholder Pankaj Subhash Malhotra, which included ultrasound test results, details of his illness, and copies of his federal tax account and national ID cards. He confirmed the documents were genuine and stated he had not been made aware of any security breach.

These incidents reflect a wider trend of hackers using such methods to sell stolen data. According to a NordVPN survey at the end of 2022, India accounted for 12% of the five million people whose data was sold via chatbots, making it the largest group of victims.

“The availability of sensitive data on Telegram is unsurprising, as it serves as an easy-to-use platform for such activities,” said NordVPN cybersecurity expert Adrianus Warmenhoven. “Telegram has become a simpler method for criminals to operate.”
