Telegram Chatbots Used by Hackers to Breach Data of Star Health

Ayesha Anwar
By Ayesha Anwar
16 Min Read
Hacker uses Telegram chatbots to leak data of top Indian insurer Star Health

Only a few weeks after founder of Telegram was charged with enabling the Messenger software to assist criminal activity, stolen customer data, including medical reports from Star Health, the largest health insurer in India, is available to the public via chatbots on the platform. 

Alleged designer of the Telegram chatbot’s informed a security researcher that private information of millions of people was out for grabs and that samples could be seen by requesting the chatbots to reveal them which is how Reuters learned about the problem. 

A statement was stated by the $4 billion-plus Star Health and Allied Insurance to Reuters that suspected illegal data access to local authorities had been reported. The “sensitive customer data remains secure,” and there was “no widespread compromise” after an initial examination, according to the statement. 

Policy and claims paperwork with names, phone numbers, tax information, residences, copies of ID cards, test results, and medical diagnoses was obtained by using the chatbots by Reuters.


Dubai-based Telegram has become one of the largest messenger programs globally thanks in large part to the ability for users to create chatbots, with 900 million monthly users that are active. 

The founder Pavel Durov, who was born in Russia, was arrested in France last month, and this has raised questions about Telegram’s content filtering and capabilities that could be abused for illegal purposes. Durov and Telegram responded to the criticism and refuted any misconduct.

Security researcher who is located in the UK, Jason Parker, insisted that since at least August 6, the Star Health chatbots have been in operation and include a welcome message that says they are “by xenZen.”

He also insisted that he had feigned to be an intended purchaser on an online hacker forum where a member going by the handle xenZen claimed to have created the chatbots and to have 7.24 gigabytes of data pertaining to more than 31 million Star Health clients. The chatbot offers random, piecemeal access to the data for free, but it can also be purchased in bulk.

Reuters was unable to find out how the chatbot’s designer got the data or to independently confirm xenZen’s claims. xenZen stated they were in talks with buyers in an email to Reuters, but they did not say who or why they were interested.

TAKEN DOWN

In order to test the bots, around 1,500 files were downloaded by Reuters, some dated as recently as July 2024.

“If this bot gets taken down, watch out, and another one will be made available in a few hours,” the welcome message said. 

After that, people reported the chatbots as suspicious, and they were labeled as “SCAM” with a stock warning. On September 16, Reuters gave Telegram access to the chatbots’ details. A day later, spokesman Remi Vaughn stated the chatbots had been “taken down” and requested to be notified if any more appeared. 

“The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools, and user reports to remove millions of pieces of harmful content each day.”

Since then, more chatbots have emerged that provide Star Health data.

On August 13, Star Health said that an unknown individual got in touch with it. He claimed to have access to certain of its information. The insurer notified the cybercrime department of Tamil Nadu and the federal cyber security agency CERT-In, where it is based, of the incident.

It was said in a statement, “The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us.” 

The largest standalone health insurance company in India, Star Health, said that it was looking into a supposed trespass of “a few claims data” in a stock exchange filing on August 14.

CERT-In or the Tamil Nadu cybercrime department representatives did not answer the email inquiries for comments.

UNAWARE

All behind anonymous profiles, large volumes of data can be shared and stored by individuals or companies via Telegram. Furthermore, it allows them to build configurable chatbots that respond automatically to user requests for content and features.

Star Health data is distributed by two chatbots. One provides claim forms in PDF file format. With only one click, customers can request up to 20 samples from 31.2 million datasets, providing information such as policy number, name, and body mass index. 

Records pertaining to the care given to policyholder Sandeep TS’s one-year-old daughter at a hospital in the southern state of Kerala were among the materials made available to Reuters. The medical records included blood test results, a diagnosis, and a bill totaling almost 15,000 rupees ($179). 

“That sounds alarming. Are you aware of the potential impact on me?” Sandeep asked, verifying the legitimacy of the documents. He said he was not informed of any data leak by Star Health.

Additionally, last year, the chatbot disclosed a claim made by policyholder Pankaj Subhash Malhotra, which contained copies of his national ID cards, federal tax account information, and the findings of an ultrasound imaging test. Furthermore, he declared he had no knowledge of any security breach and verified the legitimacy of the documents.

Chatbots are often used by hackers to sell the stolen data. This is not unique to Star Health; this is a common practice. According to the most recent assessment on the epidemic, which NordVPN conducted at the end of 2022, India accounted for the greatest number of victims (12%) out of the five million people whose data was sold via chatbots.

 

“The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront. Telegram has become an easier-to-use method for criminals to interact.” It was stated by NordVPN cybersecurity specialist Adrianus Warmenhoven.

Share This Article
Leave a comment