Star Health Insurance data leak: 31M+ customers exposed on Telegram
A hacker has reportedly used Telegram chatbots to leak confidential customer data from Star Health, one of the largest health insurance providers in India. The leaked information includes medical reports and personal details of millions of policyholders. This security breach comes on the heels of allegations against Telegram's founder, Pavel Durov, for enabling criminal activities through his messaging app.
Insurance provider responds to data breach allegations
In response to the alleged unauthorized data access, Star Health has issued a statement. The company, valued at over $4 billion, has reported the incident to local authorities. Although the company said its initial assessment suggested no widespread compromise and that sensitive customer data remains secure, Reuters was able to download policy and claims documents via these chatbots. These documents contained personal information such as names, phone numbers, addresses, tax details, and copies of ID cards, as well as medical test results and diagnoses.
Telegram's chatbot feature under scrutiny
The ability to create chatbots has significantly contributed to Telegram's growth as a leading messaging app with 900 million active monthly users. However, this feature is now under scrutiny due to its potential misuse for cybercrimes. The arrest of Durov in France last month has intensified this scrutiny, focusing on content moderation and features that could be exploited for illegal purposes. Both Durov and Telegram have denied any wrongdoing and are addressing these criticisms by introducing privacy-focused features.
Security researcher uncovers chatbots leaking Star Health data
UK-based security researcher Jason Parker discovered the chatbots leaking Star Health data. These bots, operational since at least August 6, display a welcome message stating they are "by xenZen." Parker interacted with a user named xenZen on an online hacker forum who claimed to have created these bots and to possess over 7.24TB of data related to over 31 million Star Health customers. The data is freely available via the bot on a random basis but can also be purchased in bulk.
Telegram takes action against data-leaking chatbots
After being alerted about the data-leaking bots on September 16, Telegram took them down within 24 hours. The company's spokesperson, Remi Vaughn, stated that private information sharing is strictly prohibited on their platform and is removed whenever discovered. Despite this action, new chatbots offering Star Health data have since emerged. Following the data leak, Star Health has been actively collaborating with law enforcement to address this illegal activity.