No time to read? Just listen to the news!
TL;DR
- Stolen customer data from India’s largest health insurer, Star Health, made public via Telegram chatbots, exposing sensitive information of millions
- Star Health reports unauthorized data access to authorities, claims no widespread compromise; Reuters able to download 1,500+ files with personal details
- Chatbot creator “xenZen” claims to possess 7.24 TB of data on 31M+ customers; Telegram removes chatbots after Reuters query, but new ones emerge
- Data breach part of larger trend using Telegram chatbots to sell stolen info; India has highest number of victims at 12% of 5M affected globally
Stolen customer data from India’s largest health insurer, Star Health, has been made publicly accessible through chatbots on the messaging app Telegram. The breach comes just weeks after Telegram’s founder, Pavel Durov, was accused of allowing the platform to facilitate criminal activities.
According to a security researcher who alerted Reuters, the purported creator of the chatbots claimed that private details of millions of Star Health customers were for sale, with samples available upon request. Using the chatbots, Reuters was able to download over 1,500 files containing sensitive information such as names, phone numbers, addresses, tax details, ID card copies, medical test results, and diagnoses.
Star Health, with a market capitalization exceeding $4 billion, has reported the alleged unauthorized data access to local authorities in Tamil Nadu and India’s federal cybersecurity agency CERT-In. The company stated that an initial assessment showed “no widespread compromise” and that “sensitive customer data remains secure.”
“The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us,” the insurer said in a statement.
The chatbots, which feature a welcome message stating they are “by xenZen,” have been operational since at least August 6, according to UK-based security researcher Jason Parker. Parker posed as a potential buyer on an online hacker forum where a user named xenZen claimed to have created the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers.
Reuters was unable to independently verify xenZen’s claims or determine how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing their identities or motives.
Telegram removed the chatbots after being alerted by Reuters on September 16, but new ones offering Star Health data have since appeared. The incident highlights the challenges Telegram faces in preventing its features from being exploited for criminal purposes, as well as the difficulties Indian companies encounter in safeguarding their data.
The Star Health data breach is part of a larger trend of hackers using Telegram chatbots to sell stolen information. A 2022 survey by NordVPN revealed that India had the highest number of victims, accounting for 12% of the five million people whose data was sold via chatbots.
“The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront,” said NordVPN cybersecurity expert Adrianus Warmenhoven. “Telegram has become an easier to use method for criminals to interact.”
Among the documents leaked through the chatbots were medical records of a one-year-old girl from Kerala and a policyholder named Pankaj Subhash Malhotra. Both individuals confirmed the authenticity of the documents and stated that they had not been notified of any data breach by Star Health.
News Source: Reuters
