
Hacker uses Telegram chatbots to leak Star Health Insurance data

Stolen customer data including medical reports from India’s largest health insurer Star Health have become publicly accessible via chatbots on Telegram, just weeks after Telegram’s founder was accused of enabling the messaging app to facilitate crimes.

The alleged creator of the chatbots told a security researcher who alerted Reuters to the issue that the private data of millions of people was for sale and that samples could be viewed by asking the chatbots to reveal them.

Star Health and Allied Insurance, whose market capitalization is more than $4 billion, said in a statement to Reuters that it had reported suspected unauthorized data access to local authorities. It said an initial assessment found “no widespread breach” and that “sensitive customer data remains secure.”

Using the chatbots, Reuters was able to download policy and claim documents containing names, phone numbers, addresses, tax information, copies of ID cards, test results and medical diagnoses.

The ability for users to create chatbots is widely credited with helping Dubai-based Telegram grow into one of the largest messaging apps in the world, with 900 million monthly active users.

However, the arrest of Russian-born founder Pavel Durov in France last month has drawn increased attention to Telegram’s content moderation and features that are open to abuse for criminal purposes. Durov and Telegram have denied wrongdoing and are addressing the criticism.

The use of Telegram chatbots to sell stolen data shows how difficult it is for the app to prevent malicious actors from abusing the technology, and highlights the challenges Indian companies face in keeping their data safe.

According to Jason Parker, a UK-based security researcher, the Star Health chatbots come with a welcome message stating they are “from xenZen” and have been operational since at least August 6.

Parker said he posed as a potential buyer on an online hacker forum where a user going by the alias xenZen said they had created the chatbots and were in possession of 7.24 terabytes of data relating to more than 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis but is available for purchase in bulk.

Reuters was unable to independently verify xenZen’s claims or determine how the chatbot maker obtained the data. In an email to Reuters, xenZen said it was in talks with buyers, without disclosing who they were or why they were interested.

Taken down

In testing the bots, Reuters downloaded more than 1,500 files, some of which were documents dated July 2024.

“If this bot is removed, please be careful. A new one will be available within a few hours,” the welcome message reads.

The chatbots were later marked “SCAM” with a standard warning that users had reported them as suspicious. Reuters shared details of the chatbots with Telegram on September 16, and within 24 hours, spokesperson Remi Vaughn said they had been “removed” and asked to be notified if more emerged.

“Sharing private information on Telegram is strictly prohibited and will be removed as soon as it is found. Moderators use a combination of proactive monitoring, AI tools, and user reports to remove millions of pieces of harmful content every day.”

Since then, new chatbots have emerged that offer the Star Health data.

Star Health said an unidentified person contacted them on August 13, claiming to have access to some of their data. The insurer reported the matter to the cybercrime department of its home state Tamil Nadu and the federal cybersecurity agency CERT-In.

“The unauthorized acquisition and distribution of customer data is illegal and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of the utmost importance to us,” the statement said.

Star Health, India’s largest independent health insurer, said in an August 14 stock exchange filing that it was investigating an alleged breach of “some claims data”.

Representatives of CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment.

Unaware

Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots that automatically deliver content and features based on user requests.

Two chatbots distribute Star Health data. One provides claim documents in PDF format. The other allows users to retrieve up to 20 samples from 31.2 million datasets with a single click, with details such as policy number, name and even body mass index.

Among the documents released to Reuters were details of the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179).

“It sounds worrisome. Do you know how this can affect me?” said Sandeep, who confirmed the authenticity of the documents. He said Star Health had not notified him of a data breach.

The chatbot also leaked a claim filed by insurance holder Pankaj Subhash Malhotra last year, which included ultrasound test results, details of illness and copies of federal tax bills and national identity cards. He also confirmed that the documents were authentic and said he was not aware of any security breach.

The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of the five million people whose data was sold via chatbots, India accounted for the largest number of victims at 12%, according to the latest research into the epidemic conducted by NordVPN in late 2022.

“The fact that sensitive data is available via Telegram makes sense, because Telegram is a user-friendly storefront,” says NordVPN cybersecurity expert Adrianus Warmenhoven. “Telegram has become a more user-friendly method for criminals to communicate.”

© Thomson Reuters 2024

(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)
