Report: Hacker leaks data of an Indian health insurance company via Telegram bots

Hackers stole confidential data from Star Health and Allied Insurance, an India-based health insurer, and made it publicly available through Telegram chatbots, according to a recent report by Reuters. The breach exposed the private data of millions of customers, the report said.

The stolen data includes sensitive personal information such as medical records, identification documents and contact details. These documents were available for download via two chatbots on Telegram, one of the world’s largest messaging platforms with over 900 million users. The chatbots reportedly leaked over 7 terabytes of data, including over 31 million Star Health customers.

Telegram’s role in the data breach

Telegram allows users to create and customize chatbots to automate tasks such as sharing files and documents. This feature has driven the platform’s popularity, especially among businesses, but it has also become a tool for criminal activity. In this case, hackers used chatbots to distribute stolen data, offering insurance and claim documents in exchange for requests.

Jason Parker, a UK-based security researcher, was the first to discover this breach. He alerted Reuters after posing as a buyer on online hacker forums, where a user named “xenZen” claimed responsibility for creating the bots. XenZen boasted of having access to about 7.24 terabytes of customer data and offered it for sale in bulk, while also providing free samples through the chatbots.

Despite the apparent scale of the breach, Star Health, which has a market capitalization of over $4 billion, initially downplayed the incident, the Reuters report said. The company said there was “no comprehensive compromise” and sensitive data remained secure. However, using the chatbots, Reuters was able to download over 1,500 documents containing personal customer information, including names, addresses, tax details and medical histories.

One particularly worrying case was the disclosure of the medical records of a one-year-old girl from Kerala, according to data seen by Reuters. The documents included her medical diagnoses, blood test results and a bill from the hospital where she was treated. In another case, the ultrasound scan results of a policyholder named Pankaj Subhash Malhotra, as well as his tax number and national identity card details, were leaked through the chatbot.

These customers, like many others, were unaware of the data breach. Star Health did not inform affected individuals about the leak, leaving them vulnerable to identity theft and other malicious activity, according to Reuters.

Reply from Telegram

When Telegram became aware of the situation, it acted quickly to shut down the chatbots. A spokesperson explained that sharing private information was prohibited on the platform. However, the chatbots were almost immediately replaced with new ones and continued to spread the stolen data, the Reuters report added.

The incident also comes amid growing criticism of Telegram’s content moderation practices. The arrest of the platform’s Russian-born founder, Pavel Durov, in France last month has fuelled calls for tighter regulation of the messaging app, which is increasingly being used by cybercriminals.

Star Health’s response

Star Health confirmed to Reuters that an unidentified person contacted the company on August 13 claiming to have access to their data. The company immediately reported the matter to local authorities in Tamil Nadu and India’s federal cybersecurity agency CERT-In. In its statement to Reuters, Star Health assured its customers that it is working closely with law enforcement to resolve the issue.

However, cybersecurity experts like NordVPN’s Adrianus Warmenhoven warn that Telegram’s ease of use makes it an ideal platform for criminals to sell stolen data. According to a 2022 NordVPN survey, India accounted for 12% of global chatbot data breach victims, the largest share of any country, the report said.