Hacker Exploits Telegram Chatbots to Leak Star Health Insurance Customer Data

Hacker uses Telegram chatbots to leak data of Star Health Insurance: Report

Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram's founder was accused of allowing the messenger app to facilitate crime. The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge. Click here to connect with us on WhatsApp Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses. The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world's biggest messenger apps with 900 million active monthly users. However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram's content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. More From This Section Internship Scheme: Govt to list out 500 companies based on CSR spend ATGL enters into financing framework, to raise $ 375 mn in initial round HDFC Bank's subsidiary HDB Financial Services board clears IPO plans Hyatt PE in India be taxed even if global entity earns losses: Delhi HC EQT to acquire 100% stake in Indostar Home Finance for Rs 1,750 crore The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6, said UK-based security researcher Jason Parker. Parker said he posed as a potential buyer on a online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. Reuters could neither independently verify xenZen's claims nor ascertain how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing who or why they were interested. Taken Down In testing the bots, Reuters downloaded more than 1,500 files with some documents dated as recently as July 2024. "If this bot gets taken down watch out and another one will be made available in few hours," the welcome message read. The chatbots were later marked "SCAM" with a stock warning that users had reported them as suspect. Reuters shared details of the chatbots with Telegram on Sept. 16 and within 24 hours spokesperson Remi Vaughn said they had been "taken down" and asked to be informed should more appear. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since appeared offering Star Health data. Star Health said an unidentified person contacted it on Aug. 13 claiming to have access to some of its data. The insurer reported the matter to the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. In an Aug. 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data". Representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment. Unaware Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots which automatically provide content and features based on user requests. Two chatbots distribute Star Health data. One offers claim documents in PDF format. The other allows users to request up to 20 samples from 31.2 million datasets with a single click giving details including policy number, name and even body mass index. Among documents disclosed to Reuters were records related to the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179). "It sounds concerning. Do you know how this can affect me?" said Sandeep, confirming the documents' authenticity. He said Star Health had not notified him of any data leak. The chatbot also leaked a claim last year by policyholder Pankaj Subhash Malhotra which included ultrasound imaging test results, details of illness and copies of federal tax account and national ID cards. He also confirmed the documents were genuine and said he was not made aware of any security breach. The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact." Also Read Cybercrime becoming major threat, need technical expertise for safety: MoS Whale phishing scam explained: How it works and tips to protect yourself Payment aggregators to create 'negative' database to tackle digital fraud Philippine officials detain over 160 for suspected cybercrime operation Telegram under scanner for extortion, gambling; messaging app may face ban

Hacker uses Telegram chatbots to leak data of top Indian insurer Star Health

Customer data from India's largest health insurer, Star Health, has been leaked and is accessible via Telegram chatbots. The data includes sensitive information such as medical reports and personal details. Star Health has reported the breach to authorities and claims that sensitive customer data remains secure despite the incident.Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram's founder was accused of allowing the messenger app to facilitate crime. The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge. Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses. The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world's biggest messenger apps with 900 million active monthly users. However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram's content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6, said UK-based security researcher Jason Parker. Parker said he posed as a potential buyer on a online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. Reuters could neither independently verify xenZen's claims nor ascertain how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing who or why they were interested. TAKEN DOWN In testing the bots, Reuters downloaded more than 1,500 files with some documents dated as recently as July 2024. "If this bot gets taken down watch out and another one will be made available in few hours," the welcome message read. The chatbots were later marked "SCAM" with a stock warning that users had reported them as suspect. Reuters shared details of the chatbots with Telegram on Sept. 16 and within 24 hours spokesperson Remi Vaughn said they had been "taken down" and asked to be informed should more appear. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since appeared offering Star Health data. Star Health said an unidentified person contacted it on Aug. 13 claiming to have access to some of its data. The insurer reported the matter to the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. In an Aug. 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data". Representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment. UNAWARE Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots which automatically provide content and features based on user requests. Two chatbots distribute Star Health data. One offers claim documents in PDF format. The other allows users to request up to 20 samples from 31.2 million datasets with a single click giving details including policy number, name and even body mass index. Among documents disclosed to Reuters were records related to the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179). "It sounds concerning. Do you know how this can affect me?" said Sandeep, confirming the documents' authenticity. He said Star Health had not notified him of any data leak. The chatbot also leaked a claim last year by policyholder Pankaj Subhash Malhotra which included ultrasound imaging test results, details of illness and copies of federal tax account and national ID cards. He also confirmed the documents were genuine and said he was not made aware of any security breach. The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact."

Hacker uses Telegram chatbots to leak customer medical reports from Star Health

Stolen customer data from India's largest health insurer, Star Health, is accessible via Telegram chatbots. The data includes sensitive information such as medical reports and ID cards. Despite Star Health's claim of no widespread compromise, the incident raises concerns about data security. Authorities are investigating the breach.Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram's founder was accused of allowing the messenger app to facilitate crime. The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge. Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses. The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world's biggest messenger apps with 900 million active monthly users. However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram's content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6, said UK-based security researcher Jason Parker. Parker said he posed as a potential buyer on a online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. Reuters could neither independently verify xenZen's claims nor ascertain how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing who or why they were interested. TAKEN DOWN In testing the bots, Reuters downloaded more than 1,500 files with some documents dated as recently as July 2024. "If this bot gets taken down watch out and another one will be made available in few hours," the welcome message read. The chatbots were later marked "SCAM" with a stock warning that users had reported them as suspect. Reuters shared details of the chatbots with Telegram on Sept. 16 and within 24 hours spokesperson Remi Vaughn said they had been "taken down" and asked to be informed should more appear. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since appeared offering Star Health data. Star Health said an unidentified person contacted it on Aug. 13 claiming to have access to some of its data. The insurer reported the matter to the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. In an Aug. 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data". Representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment. UNAWARE Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots which automatically provide content and features based on user requests. Two chatbots distribute Star Health data. One offers claim documents in PDF format. The other allows users to request up to 20 samples from 31.2 million datasets with a single click giving details including policy number, name and even body mass index. Among documents disclosed to Reuters were records related to the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179). "It sounds concerning. Do you know how this can affect me?" said Sandeep, confirming the documents' authenticity. He said Star Health had not notified him of any data leak. The chatbot also leaked a claim last year by policyholder Pankaj Subhash Malhotra which included ultrasound imaging test results, details of illness and copies of federal tax account and national ID cards. He also confirmed the documents were genuine and said he was not made aware of any security breach. The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact."

Hacker uses Telegram chatbots to leak data of top Indian insurer Star Health

Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram's founder was accused of allowing the messenger app to facilitate crime. The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge. Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses. The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world's biggest messenger apps with 900 million active monthly users. However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram's content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6, said UK-based security researcher Jason Parker. Parker said he posed as a potential buyer on a online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. Reuters could neither independently verify xenZen's claims nor ascertain how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing who or why they were interested. Data taken down In testing the bots, Reuters downloaded more than 1,500 files with some documents dated as recently as July 2024. "If this bot gets taken down watch out and another one will be made available in few hours," the welcome message read. The chatbots were later marked "SCAM" with a stock warning that users had reported them as suspect. Reuters shared details of the chatbots with Telegram on Sept. 16 and within 24 hours spokesperson Remi Vaughn said they had been "taken down" and asked to be informed should more appear. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since appeared offering Star Health data. Star Health said an unidentified person contacted it on Aug. 13 claiming to have access to some of its data. The insurer reported the matter to the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. In an Aug. 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data". Representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment. Unaware Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots which automatically provide content and features based on user requests. Two chatbots distribute Star Health data. One offers claim documents in PDF format. The other allows users to request up to 20 samples from 31.2 million datasets with a single click giving details including policy number, name and even body mass index. Among documents disclosed to Reuters were records related to the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179). "It sounds concerning. Do you know how this can affect me?" said Sandeep, confirming the documents' authenticity. He said Star Health had not notified him of any data leak. The chatbot also leaked a claim last year by policyholder Pankaj Subhash Malhotra which included ultrasound imaging test results, details of illness and copies of federal tax account and national ID cards. He also confirmed the documents were genuine and said he was not made aware of any security breach. The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact." Published - September 20, 2024 05:12 pm IST Read Comments

Exclusive-Hacker uses Telegram chatbots to leak data of top Indian insurer Star Health

WASHINGTON/BENGALURU (Reuters) - Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram's founder was accused of allowing the messenger app to facilitate crime. The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge. Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses. The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world's biggest messenger apps with 900 million active monthly users. However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram's content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6, said UK-based security researcher Jason Parker. Parker said he posed as a potential buyer on a online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. Reuters could neither independently verify xenZen's claims nor ascertain how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing who or why they were interested. TAKEN DOWN In testing the bots, Reuters downloaded more than 1,500 files with some documents dated as recently as July 2024. "If this bot gets taken down watch out and another one will be made available in few hours," the welcome message read. The chatbots were later marked "SCAM" with a stock warning that users had reported them as suspect. Reuters shared details of the chatbots with Telegram on Sept. 16 and within 24 hours spokesperson Remi Vaughn said they had been "taken down" and asked to be informed should more appear. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since appeared offering Star Health data. Star Health said an unidentified person contacted it on Aug. 13 claiming to have access to some of its data. The insurer reported the matter to the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. In an Aug. 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data". Representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment. UNAWARE Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots which automatically provide content and features based on user requests. Two chatbots distribute Star Health data. One offers claim documents in PDF format. The other allows users to request up to 20 samples from 31.2 million datasets with a single click giving details including policy number, name and even body mass index. Among documents disclosed to Reuters were records related to the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179). "It sounds concerning. Do you know how this can affect me?" said Sandeep, confirming the documents' authenticity. He said Star Health had not notified him of any data leak. The chatbot also leaked a claim last year by policyholder Pankaj Subhash Malhotra which included ultrasound imaging test results, details of illness and copies of federal tax account and national ID cards. He also confirmed the documents were genuine and said he was not made aware of any security breach. The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact." (Reporting by Christopher Bing and Munsif Vengattil; Editing by Aditya Kalra and Christopher Cushing)

Hacker uses Telegram chatbots to leak data of top Indian insurer Star Health

WASHINGTON/BENGALURU - Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram's founder was accused of allowing the messenger app to facilitate crime. The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge. Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses. The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world's biggest messenger apps with 900 million active monthly users. However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram's content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6, said UK-based security researcher Jason Parker. Parker said he posed as a potential buyer on a online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. Reuters could neither independently verify xenZen's claims nor ascertain how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing who or why they were interested. TAKEN DOWN In testing the bots, Reuters downloaded more than 1,500 files with some documents dated as recently as July 2024. "If this bot gets taken down watch out and another one will be made available in few hours," the welcome message read. The chatbots were later marked "SCAM" with a stock warning that users had reported them as suspect. Reuters shared details of the chatbots with Telegram on Sept. 16 and within 24 hours spokesperson Remi Vaughn said they had been "taken down" and asked to be informed should more appear. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since appeared offering Star Health data. Star Health said an unidentified person contacted it on Aug. 13 claiming to have access to some of its data. The insurer reported the matter to the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. In an Aug. 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data". Representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment. UNAWARE Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots which automatically provide content and features based on user requests. Two chatbots distribute Star Health data. One offers claim documents in PDF format. The other allows users to request up to 20 samples from 31.2 million datasets with a single click giving details including policy number, name and even body mass index. Among documents disclosed to Reuters were records related to the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179). "It sounds concerning. Do you know how this can affect me?" said Sandeep, confirming the documents' authenticity. He said Star Health had not notified him of any data leak. The chatbot also leaked a claim last year by policyholder Pankaj Subhash Malhotra which included ultrasound imaging test results, details of illness and copies of federal tax account and national ID cards. He also confirmed the documents were genuine and said he was not made aware of any security breach. The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact." (Reporting by Christopher Bing and Munsif Vengattil; Editing by Aditya Kalra and Christopher Cushing)

Exclusive-Hacker Uses Telegram Chatbots to Leak Data of Top Indian Insurer Star Health

WASHINGTON/BENGALURU (Reuters) - Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram's founder was accused of allowing the messenger app to facilitate crime. The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge. Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses. The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world's biggest messenger apps with 900 million active monthly users. However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram's content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6, said UK-based security researcher Jason Parker. Parker said he posed as a potential buyer on a online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. Reuters could neither independently verify xenZen's claims nor ascertain how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing who or why they were interested. TAKEN DOWN In testing the bots, Reuters downloaded more than 1,500 files with some documents dated as recently as July 2024. "If this bot gets taken down watch out and another one will be made available in few hours," the welcome message read. The chatbots were later marked "SCAM" with a stock warning that users had reported them as suspect. Reuters shared details of the chatbots with Telegram on Sept. 16 and within 24 hours spokesperson Remi Vaughn said they had been "taken down" and asked to be informed should more appear. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since appeared offering Star Health data. Star Health said an unidentified person contacted it on Aug. 13 claiming to have access to some of its data. The insurer reported the matter to the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. In an Aug. 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data". Representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment. UNAWARE Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots which automatically provide content and features based on user requests. Two chatbots distribute Star Health data. One offers claim documents in PDF format. The other allows users to request up to 20 samples from 31.2 million datasets with a single click giving details including policy number, name and even body mass index. Among documents disclosed to Reuters were records related to the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179). "It sounds concerning. Do you know how this can affect me?" said Sandeep, confirming the documents' authenticity. He said Star Health had not notified him of any data leak. The chatbot also leaked a claim last year by policyholder Pankaj Subhash Malhotra which included ultrasound imaging test results, details of illness and copies of federal tax account and national ID cards. He also confirmed the documents were genuine and said he was not made aware of any security breach. The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact." (Reporting by Christopher Bing and Munsif Vengattil; Editing by Aditya Kalra and Christopher Cushing)

Star Health Insurance Data Leaked On Telegram - News18

Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram's founder was accused of allowing the messenger app to facilitate crime. The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge. Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses. The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world's biggest messenger apps with 900 million active monthly users. However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram's content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6, said UK-based security researcher Jason Parker. Parker said he posed as a potential buyer on a online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. Reuters could neither independently verify xenZen's claims nor ascertain how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing who or why they were interested. TAKEN DOWN In testing the bots, Reuters downloaded more than 1,500 files with some documents dated as recently as July 2024. "If this bot gets taken down watch out and another one will be made available in few hours," the welcome message read. The chatbots were later marked "SCAM" with a stock warning that users had reported them as suspect. Reuters shared details of the chatbots with Telegram on Sept. 16 and within 24 hours spokesperson Remi Vaughn said they had been "taken down" and asked to be informed should more appear. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since appeared offering Star Health data. Star Health said an unidentified person contacted it on Aug. 13 claiming to have access to some of its data. The insurer reported the matter to the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. In an Aug. 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data". Representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment. UNAWARE Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots which automatically provide content and features based on user requests. Two chatbots distribute Star Health data. One offers claim documents in PDF format. The other allows users to request up to 20 samples from 31.2 million datasets with a single click giving details including policy number, name and even body mass index. Among documents disclosed to Reuters were records related to the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179). "It sounds concerning. Do you know how this can affect me?" said Sandeep, confirming the documents' authenticity. He said Star Health had not notified him of any data leak. The chatbot also leaked a claim last year by policyholder Pankaj Subhash Malhotra which included ultrasound imaging test results, details of illness and copies of federal tax account and national ID cards. He also confirmed the documents were genuine and said he was not made aware of any security breach. The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact."

Private data of millions of Indian top insurer Star Health's customers up for sale

The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge. Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses. The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world's biggest messenger apps with 900 million active monthly users. However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram's content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6, said UK-based security researcher Jason Parker. Parker said he posed as a potential buyer on a online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. Reuters could neither independently verify xenZen's claims nor ascertain how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing who or why they were interested. In testing the bots, Reuters downloaded more than 1,500 files with some documents dated as recently as July 2024. "If this bot gets taken down watch out and another one will be made available in few hours," the welcome message read. The chatbots were later marked "SCAM" with a stock warning that users had reported them as suspect. Reuters shared details of the chatbots with Telegram on Sept. 16 and within 24 hours spokesperson Remi Vaughn said they had been "taken down" and asked to be informed should more appear. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since appeared offering Star Health data. Star Health said an unidentified person contacted it on Aug. 13 claiming to have access to some of its data. The insurer reported the matter to the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. In an Aug. 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data". Representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment. Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots which automatically provide content and features based on user requests. Two chatbots distribute Star Health data. One offers claim documents in PDF format. The other allows users to request up to 20 samples from 31.2 million datasets with a single click giving details including policy number, name and even body mass index. Among documents disclosed to Reuters were records related to the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179). "It sounds concerning. Do you know how this can affect me?" said Sandeep, confirming the documents' authenticity. He said Star Health had not notified him of any data leak. The chatbot also leaked a claim last year by policyholder Pankaj Subhash Malhotra which included ultrasound imaging test results, details of illness and copies of federal tax account and national ID cards. He also confirmed the documents were genuine and said he was not made aware of any security breach. The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact."

Exclusive-Hacker uses Telegram chatbots to leak data of top Indian insurer Star Health

Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses. The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world's biggest messenger apps with 900 million active monthly users. However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram's content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6, said UK-based security researcher Jason Parker. Parker said he posed as a potential buyer on a online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. Reuters could neither independently verify xenZen's claims nor ascertain how the chatbot creator obtained the data. In an email to Reuters, xenZen said they were in discussions with buyers without disclosing who or why they were interested. In testing the bots, Reuters downloaded more than 1,500 files with some documents dated as recently as July 2024. "If this bot gets taken down watch out and another one will be made available in few hours," the welcome message read. The chatbots were later marked "SCAM" with a stock warning that users had reported them as suspect. Reuters shared details of the chatbots with Telegram on Sept. 16 and within 24 hours spokesperson Remi Vaughn said they had been "taken down" and asked to be informed should more appear. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since appeared offering Star Health data. Star Health said an unidentified person contacted it on Aug. 13 claiming to have access to some of its data. The insurer reported the matter to the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. In an Aug. 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data". Representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment. Telegram allows individuals or organizations to store and share large amounts of data behind anonymous accounts. It also lets them create customizable chatbots which automatically provide content and features based on user requests. Two chatbots distribute Star Health data. One offers claim documents in PDF format. The other allows users to request up to 20 samples from 31.2 million datasets with a single click giving details including policy number, name and even body mass index. Among documents disclosed to Reuters were records related to the treatment of the one-year-old daughter of policyholder Sandeep TS at a hospital in the southern state of Kerala. The records included diagnosis, blood test results, medical history and a bill of nearly 15,000 rupees ($179). "It sounds concerning. Do you know how this can affect me?" said Sandeep, confirming the documents' authenticity. He said Star Health had not notified him of any data leak. The chatbot also leaked a claim last year by policyholder Pankaj Subhash Malhotra which included ultrasound imaging test results, details of illness and copies of federal tax account and national ID cards. He also confirmed the documents were genuine and said he was not made aware of any security breach. The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact." (Reporting by Christopher Bing and Munsif Vengattil; Editing by Aditya Kalra and Christopher Cushing)

Star Health Insurance's sensitive customer data leaked on Telegram chatbots, raises concerns

The alleged creator of the chatbots told a security researcher, who alerted the agency of the development. According to the report, the private details of millions of people were for sale, and samples could be viewed by asking the bots to disclose them. Star Health and Allied Insurance told Reuters in a statement that the company reported alleged unauthorized data access to local authorities. The company disclosed in an initial statement that "no widespread compromise" happened and that "sensitive customer data remains secure". According to the report, the agency downloaded policy and claim documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results, and medical diagnoses using chatbots. The feature enables users to create chatbots and has made Telegram one of the biggest messenger apps, with 900 million active monthly users, reported the agency. Using chatbots in Telegram to sell stolen data shows the app's difficulty in preventing criminal agents from taking advantage of its technology. According to the report, this also highlights the challenges Indian companies face in keeping their data safe. UK-based researcher Jason Parker said that the Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since August 6. Parker posed as a potential buyer on an online hacking forum, where a user under the alias xenZen said that they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers, reported the agency. The data is free through the chatbot on a random, piece-by-piece basis but also for sale in bulk form, said the report. The agency could not independently verify these claims nor determine how the chatbot creator got the data. In an email to the agency, xenZen said they were discussing with buyers without disclosing who or why they were interested. Star Health and Allied Insurance Company Ltd shares closed 1.76 per cent higher at ₹617 after Friday's trading session, compared to ₹606.35 at the previous market close. The news agency downloaded over 1,500 files, some of which were documents dated as recently as July 2024. According to the report, the welcome message from the bot read, "If this bot gets taken down, watch out; another one will be made available in a few hours." These chatbots were later marked as "Scam" with a stock warning that users had reported them as a suspect. Telegram has "taken down" the chatbots and asked to be informed if more appeared after the agency shared details of them with Telegram on September 16, according to spokesperson Remi Vaughn, quoted in the report. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day." New chatbots have since started offering Star Health data. The company said that an unidentified person contacted them on August 13, claiming that they had access to some of the data. According to the report, Star Health reported the issue to Tamil Nadu's cybercrime department and federal cyber security agency CERT-In. "The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," Star Health said in its statement. The report said representatives of CERT-In and the Tamil Nadu Cybercrime Department refused to respond to email requests for queries. Telegram allows people to store and share large amounts of data behind anonymous accounts. It also lets people create customizable chatbots that provide content and features based on user requests, according to the agency report. Two chatbots offer Star Health data: one offers documents in PDF format, and the other allows users to request up to 20 samples from 31.2 million datasets with a single click, giving details including policy number, name, and body mass index (BMI). The documents disclosed to the agency were the records of treatment of the one-year-old daughter of the policyholder Sandeep TS at a Kerala hospital. The leaked records included diagnosis, blood test results, medical history and a bill of nearly ₹15,000. "It sounds concerning. Do you know how this can affect me?" Sandip told the agency confirming the authenticity of the leaked documents. Star Health has not notified him of any data leak. The report said the chatbot also leaked a claim from policyholder Pankaj Subhash Malhotra last year. The claim included ultrasound imaging test results, details of illness, and copies of federal tax accounts and national ID cards. Malhotra also confirmed the authenticity of the documents and said that the company did not make him aware of any security threat to the report. This is part of a broader trend of hackers using similar methods to sell stolen data. Out of five million people whose data was sold through chatbots, India made up 12 per cent of victims, as per a NordVPN survey 2022, cited in the report. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," Adrianus Warmenhoven, cybersecurity expert at NordVPN told the agency. "Telegram has become an easier to use method for criminals to interact." Milestone Alert! Livemint tops charts as the fastest growing news website in the world 🌏 Click here to know more. 3.6 Crore Indians visited in a single day choosing us as India's undisputed platform for General Election Results. Explore the latest updates here!

Star Health hacked: Name, address, phone numbers, medical reports and other data of 31 million customers available for free on Telegram - Times of India

A massive hacking at one of India's largest health insurers, Star Health, has exposed the private details of over 31 million customers. The stolen data, including sensitive medical reports, has been made publicly accessible through chatbots on the messaging app Telegram. According to a report by news agency Reuters, the data of the insurer's customers is available for free via chatbots on Telegram - the founder of which was recently arrested for allegedly allowing the platform to be used for criminal activities. How hackers are making stolen data available on Telegram According to the report, a user named "xenZen" has created chatbots that allow users to request and download various documents, including policy details, claims information, and even medical diagnoses. Reuters says that it was able to download more than 1,500 files that have names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses of customers. It also claims that some documents are dated as recently as July 2024. UK-based security researcher Jason Parker told the news agency that he posed as a potential buyer on an online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data. "If this bot gets taken down watch out and another one will be made available in few hours," a message read. While Telegram has taken down the initial chatbots after being alerted by Reuters, new ones have reportedly appeared offering Star Health data. The chatbots were marked "SCAM" with a stock warning that users had reported them as suspect. "The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day," said Telegram spokesperson Remi Vaughn said. What Star Health has to say The company has acknowledged the breach and is working with law enforcement to address the issue. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure". "The unauthorised acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us," it said in its statement. The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk's news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.