Hacker Exploits Telegram Chatbots to Leak Star Health Insurance Data

Stolen customer data, including medical reports from India’s largest health insurer, Star Health, has become publicly accessible through Telegram chatbots. This comes shortly after the app's founder faced accusations of enabling criminal activity.

The alleged creator of these chatbots informed a security researcher, who alerted Reuters, that personal details of millions were for sale, with samples available upon request from the bots. Star Health and Allied Insurance, valued at over $4 billion, reported the unauthorized data access to local authorities, claiming that an initial assessment indicated "no widespread compromise" and that "sensitive customer data remains secure."

Using the chatbots, Reuters successfully downloaded policy and claims documents containing names, phone numbers, addresses, tax information, ID card copies, test results, and medical diagnoses.

The ability to create chatbots has significantly contributed to the growth of Telegram, which boasts 900 million active monthly users. However, increased scrutiny followed the recent arrest of founder Pavel Durov in France, raising concerns about the app’s content moderation and features that could be exploited for criminal purposes. Durov and Telegram denied any wrongdoing and are responding to the criticisms.

The emergence of Telegram chatbots for selling stolen data highlights the platform's challenges in preventing misuse of its technology, as well as the difficulties faced by Indian companies in safeguarding their data.

According to UK-based security researcher Jason Parker, the Star Health chatbots, identified as “by xenZen,” have been operational since at least August 6. Parker, posing as a buyer on a hacker forum, found that a user named xenZen claimed to have created the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data was reportedly available for free through the chatbot on a random basis but could be purchased in bulk.

During testing, Reuters downloaded over 1,500 files, with some documents dated as recently as July 2024. The welcome message for the bots indicated that if one were taken down, another would be available shortly.

Later, the chatbots were marked as "SCAM" due to user reports. After Telegram was notified on September 16, a spokesperson confirmed that the bots were taken down within 24 hours and asked to be informed of any new instances.

Telegram reiterated that sharing private information is strictly prohibited and that such content is actively removed. It uses a combination of monitoring, AI tools, and user reports to eliminate harmful content daily. Nevertheless, new chatbots offering Star Health data quickly emerged.

Star Health stated that an unidentified individual contacted them on August 13, claiming access to sensitive data. The insurer reported this to the cybercrime department in Tamil Nadu and the federal cybersecurity agency CERT-In. They emphasized their commitment to customer privacy and are cooperating with law enforcement.

In an August 14 stock exchange filing, Star Health, which leads the standalone health insurance sector in India, announced an investigation into a possible breach involving "a few claims data." Representatives from CERT-In and the Tamil Nadu cybercrime department did not respond to requests for comment.

Telegram allows anonymous accounts to store and share vast amounts of data and create customizable chatbots for user requests. Two specific chatbots distribute Star Health data, one providing claim documents in PDF format and the other allowing users to request up to 20 samples from a dataset of 31.2 million records.

Among the leaked documents was information regarding the treatment of a one-year-old daughter of policyholder Sandeep TS at a Kerala hospital, including diagnosis, blood test results, medical history, and a bill of nearly 15,000 rupees ($179). Sandeep expressed concern about the potential impact of the data leak, noting that Star Health had not informed him of any breach.

Another leaked claim involved policyholder Pankaj Subhash Malhotra, which included ultrasound test results and personal identification documents. He confirmed the authenticity of the documents and also stated he had not been made aware of any security issues.

The Star Health chatbots exemplify a growing trend of hackers utilizing similar methods to sell stolen data. A survey by NordVPN at the end of 2022 revealed that India accounted for 12% of the five million individuals whose data was sold through chatbots.

NordVPN cybersecurity expert Adrianus Warmenhoven remarked that the availability of sensitive data on Telegram is unsurprising, as the platform has become a convenient storefront for criminal activity, simplifying interactions for offenders.



