WASHINGTON/BENGALURU, Sept 20 (Askume) – Customer data stolen from India’s largest health insurer Star Health, including medical reports, is publicly available through a chatbot on Telegram. A few weeks ago, Telegram’s founder was accused of allowing the messaging app to facilitate crime.
The alleged creator of the chatbot told a security researcher, who alerted Askume to the issue of personal details of millions of people being sold, that samples could be obtained by asking the chatbot for information.
Star Health and Allied Insurance (STAU.NS), which has a market value of more than $4 billion, said in a statement to Askume that it had reported the alleged unauthorized data access to local authorities. The company said a preliminary assessment showed that “there was no widespread breach” and “sensitive customer information is secure.”
Using the chatbot, Askume was able to download policy and claims documents, including names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses.
The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world’s largest messaging apps with 900 million monthly active users .
However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram’s content moderation and the misuse of its features for criminal purposes. Durov and Telegram have denied wrongdoing and responded to the criticism .
The use of Telegram chatbots to sell stolen data shows the app’s difficulty in preventing malicious agents from exploiting its technology, and highlights the challenges Indian companies face in keeping data secure.
British security researcher Jason Parker reports that the Star Health chatbot contains a welcome message stating that it was “developed by Zenzen” and has been in use since at least August 6.
Parker said he listed himself as a potential buyer on an online hacker forum, where a user named Zenzen said he had created a chatbot and had 7.24 terabytes of data belonging to more than 31 million Star Health customers. This data is provided for free in random pieces through chatbots, but it can be sold in bulk.
Askume was unable to independently verify Jenzen’s claims or find out how the chatbot maker obtained the data. Jensen said in an email to Askume that he is in talks with buyers, but did not say who he is interested in or why.
take it away
While testing the bots, Askume downloaded more than 1,500 files, some of which were dated July 2024.
The welcome message reads, “Please note that if this bot is removed, another bot will become available within a few hours.”
The chatbots were later labeled a “scam” and a stock warning was issued after users reported them as suspicious. Askume shared details of the chatbot with Telegram on September 16, and within 24 hours spokesman Remy Vaughn said the chatbot had been “removed” and that more information would be sought if it surfaced at any time.
“Sharing private information is explicitly prohibited on Telegram, and moderators use a combination of proactive monitoring, AI tools, and user reports to remove millions of pieces of harmful content every day.”
Since then, new chatbots offering celebrity health data have emerged.
Star Health said it was contacted by an unknown person on August 13 and claimed to have access to some of its information. The insurer reported the matter to the cybercrime unit of its home state Tamil Nadu and federal cybersecurity agency CERT-In.
“Unauthorized access and dissemination of customer information is illegal, and we are actively working with law enforcement agencies to combat this criminal activity,” the company said in a statement. Star Health assures its customers and partners that their privacy is important to us. Important”.
Star Health, India’s largest health insurer, said in a stock exchange filing on August 14 that it was investigating an alleged breach of “certain claims data”.
Representatives of CERT-In and the Tamil Nadu Cyber Crime Branch did not respond to emailed requests for comment.
Stranger
Telegram allows individuals or organizations to store and share large amounts of data under anonymous accounts. It also allows them to create customizable chatbots that automatically provide content and functionality based on user requests.
Two chatbots provide celebrity health data. Claim documents are available in PDF format. The second feature allows users to request up to 20 samples from a 31.2 million data set with just one click, with details including policy number, name and even body mass index.
The documents disclosed to Askume include records related to the treatment of policyholder Sandeep TS’s one-year-old daughter at a hospital in the southern state of Kerala. The records included diagnoses, blood test results, medical history and a bill of about 15,000 rupees ($179).
Confirming the authenticity of the document, Sandeep said, “This sounds worrying. Do you know how this will affect me?” He added that Star Health has not informed him about any data breach.
The chatbot also leaked claims filed by policyholder Pankaj Subhash Malhotra last year, including ultrasound imaging test results, details of illness and copies of federal tax accounts and national identity cards. He also confirmed that the documents were authentic and said he was unaware of any security breach.
The Star Health chatbot is part of a wider trend of hackers using such methods to sell stolen content. NordVPN’s latest investigation of the pandemic in late 2022 revealed that of the 5 million people whose data was sold via chatbots, India had the highest number of victims at 12%.
“It’s natural to obtain sensitive information through Telegram because Telegram is an easy-to-use storefront,” said Adrianus Warmenhoven, a cybersecurity expert at NordVPN. “Telegram has become an easy way for criminals to communicate.”
