Hacker leaks data of Indian health insurance company via Telegram bots: report

Hackers have stolen sensitive data from Star Health and Allied Insurance, an India-based health insurance provider, and made it publicly accessible through Telegram chatbots, as per a recent report by Reuters. This breach has exposed the private details of millions of customers, according to the report.

The stolen data includes sensitive personal information such as medical reports, ID documents, and contact details. These documents were available for download through two chatbots on Telegram, one of the world's largest messaging platforms with over 900 million users. The chatbots reportedly leaked over 7 terabytes of data, involving over 31 million customers of Star Health.

The role of Telegram in the data breach

Telegram allows users to build and customise chatbots to automate tasks like sharing files and documents. While this feature has driven the platform's popularity, especially for businesses, it has also become a tool for criminal activities. In this case, hackers used chatbots to distribute stolen data, offering policy and claims documents in exchange for requests.

Jason Parker, a UK-based security researcher, was the first to discover this breach. He alerted Reuters after posing as a buyer in online hacker forums where a user named 'xenZen' claimed responsibility for creating the bots. XenZen boasted about having access to about 7.24 terabytes of customer data and offered it for sale in bulk, while also providing free samples through the chatbots.

Despite the apparent scale of the breach, Star Health, with a market capitalisation exceeding USD 4 billion, initially downplayed the incident, states the Reuters report. The company stated there was "no widespread compromise" and that sensitive data remained secure. However, using the chatbots, Reuters was able to download over 1,500 documents containing customers' personal information, including names, addresses, tax details, and medical histories.

According to the data accessed by Reuters, one particularly concerning case was the exposure of medical records belonging to a one-year-old girl from Kerala. The documents included her medical diagnoses, blood test results, and a bill from the hospital where she was treated. In another instance, a policyholder named Pankaj Subhash Malhotra had his ultrasound imaging results, along with his tax ID and national ID card details, leaked via the chatbot.

These customers, like many others, were unaware of the breach. Star Health did not notify affected individuals about the leak, leaving them vulnerable to identity theft and other malicious activities, according to Reuters.

Telegram's response

Once alerted to the situation, Telegram moved swiftly to take down the chatbots, with a spokesperson stating that the sharing of private information is forbidden on the platform. However, the chatbots were replaced with new ones almost immediately, continuing to distribute the stolen data, adds the Reuters report.

The incident also comes amid growing scrutiny of Telegram's content moderation practices. The arrest of the platform's Russian-born founder, Pavel Durov, in France last month has intensified calls for tighter regulation of the messaging app, which has increasingly been used by cybercriminals.

Star Health's response

Star Health confirmed to Reuters that an unidentified person contacted the company on August 13, claiming to have access to their data. The company immediately reported the matter to local authorities in Tamil Nadu and to India's federal cybersecurity agency CERT-In. In its statement to Reuters, Star Health reassured customers that it was working closely with law enforcement to resolve the issue.

However, cybersecurity experts like Adrianus Warmenhoven from NordVPN warn that Telegram's ease of use makes it an ideal platform for criminals to sell stolen data. According to a 2022 survey by NordVPN, India accounted for 12% of the global victims of data breaches involving chatbots, the largest share for any country, as per the report.