Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram's founder was accused of allowing the messenger app to facilitate crime, a Reuters report reveals.
The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge.
Star Health and Allied Insurance, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure".
The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe, the report said.
According to Reuters, in an August 14 stock exchange filing, Star Health, India's biggest player among standalone health insurance providers, said it was investigating an alleged breach of "a few claims data".
The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of five million people whose data was sold via chatbots, India represented the largest number of victims at 12%, showed the latest survey on the epidemic conducted by NordVPN at the end of 2022.
"The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront," said NordVPN cybersecurity expert Adrianus Warmenhoven. "Telegram has become an easier to use method for criminals to interact."