Stolen customer data, including medical records, from India’s largest health insurer, Star Health, has been found publicly accessible through chatbots on the Telegram messaging app. This discovery comes just weeks after Telegram founder Pavel Durov faced scrutiny for the app’s alleged role in facilitating criminal activity.
Security researcher Jason Parker alerted Reuters to the existence of these chatbots, which offer policy and claims documents containing sensitive customer information such as names, phone numbers, addresses, tax details, copies of ID cards, medical diagnoses, and test results.
The individual claiming to have created the chatbots, using the alias “xenZen”, stated on a hacker forum that they possess 7.24 terabytes of data belonging to over 31 million Star Health customers. The data is being offered for free on a limited basis through the chatbots but is also available for bulk purchases.
Telegram’s Role and Response
Telegram’s popularity, with over 900 million active monthly users, is partly attributed to its user-friendly chatbot functionality. However, the app has faced criticism for its content moderation practices and vulnerability to abuse by malicious actors.
Following Reuters’ report, Telegram took down the initial chatbots offering Star Health data. However, new chatbots have since emerged, highlighting the challenge of preventing the misuse of the platform.
“The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found,” stated Telegram spokesperson Remi Vaughn. “Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day.”
Star Health’s Response
Star Health confirmed that it had been contacted by an individual claiming to have access to its data and has reported the matter to law enforcement agencies. The company stated that an initial assessment revealed “no widespread compromise” and that “sensitive customer data remains secure”.
However, policyholders whose data was accessed through the chatbots told Reuters that they had not been notified by Star Health about any data breach.
Source: https://www.businesstoday.in/technology/news/story/stolen-star-health-customer-data-exposed-via-telegram-chatbots-raising-security-concerns-in-india-446756-2024-09-20