Data Breach at Star Health: Hacker Uses Telegram Chatbots to Leak Sensitive Data
Data Breach at Star Health: Hacker Uses Telegram Chatbots to Leak Sensitive Data
Share:

Star Health, a leading health insurance provider in India, is in the spotlight following allegations that a hacker is using Telegram chatbots to leak personal information and medical reports of its policyholders. The insurer has taken legal action against both Telegram and the hacker, seeking to block access to these chatbots.

A court in Tamil Nadu has granted Star Health a temporary injunction against Telegram, demanding the removal of any chatbots or websites in India that distribute this sensitive data. In a public notice, the company described the hacking incident as “illegal” and an unauthorized breach of confidential information.

According to reports, the hacker is selling personal details of millions of people through these chatbots. The hacker claimed to a security researcher that samples of the data could be accessed through requests made to the chatbots. Star Health, which has a market capitalization exceeding $4 billion, reported the data breach to local authorities, stating that their initial assessment revealed no widespread compromise of sensitive customer data.

However, testing revealed that the chatbots could be used to download policy documents containing names, addresses, phone numbers, and medical information. This situation follows recent scrutiny of Telegram's security features after its founder faced accusations of allowing the platform to be misused for criminal activities.

The chatbots, identified by the name “xenZen,” have reportedly been operational since early August. A security researcher discovered them while posing as a buyer on an online hacker forum, where the user claimed to have access to over 31 million records from Star Health. Although the data can be accessed for free in small amounts via the chatbots, bulk access is available for sale.

In initial tests, over 1,500 files were downloaded, some dating back to July 2024. The welcome message of the chatbots warned users that if one bot were taken down, another would quickly take its place. Following alerts from various sources, Telegram confirmed that the chatbots were taken down within 24 hours. However, new chatbots have emerged since then.

Star Health reported that an individual contacted them in August claiming to have access to sensitive data, prompting them to notify the cybercrime department of Tamil Nadu and the federal cybersecurity agency CERT-In. The company emphasized that it is committed to protecting customer privacy and is actively collaborating with law enforcement to address the breach.

In a stock exchange filing, Star Health acknowledged that they were investigating an alleged breach involving limited claims data. The insurance provider has not publicly commented on the specific details of the leak or how many policyholders might be affected.

This incident highlights the growing trend of hackers exploiting platforms like Telegram to sell stolen data, with India having the highest number of victims. Cybersecurity experts have noted that the user-friendly nature of Telegram makes it an appealing option for criminals looking to distribute sensitive information.

CERT-In Warns of Serious Vulnerabilities in Apple Devices: Check Details Here

Meta Bans Russian State Media for Alleged Foreign Interference

UK Telecom Reveals World Faces 2,000 Cyberattacks Every Second

Share:
Join NewsTrack Whatsapp group
Related News