Star Health’s massive data breach: Telegram chatbots expose sensitive information
Sensitive customer data from Star Health, India’s largest health insurer, has been made publicly accessible via chatbots on Telegram, as reported by Reuters. This comes on the heels of allegations against Telegram’s founder of facilitating criminal activities through the app. A security researcher, who wished to remain anonymous, brought this issue to Reuters’ attention. The researcher revealed that a user, who goes by the name xenZen, claimed to operate the chatbots and stated that the private details of millions of individuals were up for sale.
The chatbots in question allow users to request samples of this stolen data, which includes a wide range of personal and sensitive information such as names, phone numbers, addresses, tax details, copies of IDs, medical test results, and diagnoses. Star Health and Allied Insurance, a company valued at over $4 billion, confirmed to Reuters that they had reported the unauthorized access to local authorities.
The company’s initial assessment found no widespread compromise and assured that sensitive customer data remains secure. However, Reuters was able to download numerous policy and claims documents through the chatbots, raising serious concerns about the security of the data.
With its user-friendly chatbot feature, Telegram has seen significant growth, boasting 900 million active users worldwide. However, the recent arrest of its founder, Pavel Durov, in France has intensified scrutiny of the app’s content moderation and its susceptibility to misuse. The Star Health chatbots, which have been operational since at least August 6, reportedly have access to an astounding 7.24 terabytes of data belonging to over 31 million customers. The data is available in small quantities for free but can also be purchased in bulk.
Reuters successfully downloaded over 1,500 files in testing the bots, with some documents dating back to July 2024. One message within the bot ominously stated, “If this bot gets taken down, watch out; another one will be available in a few hours,” indicating the persistent nature of this illicit activity.
After being notified by Reuters, Telegram labeled the chatbots as SCAM and reported that they were taken down within 24 hours. However, new chatbots offering the same stolen data have already surfaced.
Star Health revealed they were first contacted about the breach on August 13, prompting them to report the matter to the cybercrime department in Tamil Nadu and India’s federal cybersecurity agency, CERT-In. In a statement, they emphasized the legality of unauthorized data acquisition and their commitment to customer privacy.
In an August 14 stock exchange filing, Star Health acknowledged that they were investigating an alleged breach affecting a few claims data.