{"id":318,"date":"2024-09-20T12:22:25","date_gmt":"2024-09-20T12:22:25","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=318"},"modified":"2024-09-20T12:22:25","modified_gmt":"2024-09-20T12:22:25","slug":"hacker-selling-7-tb-of-star-health-insurances-customer-data-using-telegram","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=318","title":{"rendered":"Hacker selling 7 TB of Star Health Insurance\u2019s customer data using Telegram"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Sensitive customer data from Star Health and Allied Insurance, India\u2019s largest standalone health insurer, has been leaked via chatbots on the messaging platform <a href=\"https:\/\/www.csoonline.com\/article\/565412\/what-is-telegram-and-is-it-secure.html\">Telegram<\/a>, raising serious concerns about data security and privacy in the healthcare sector, a <a href=\"https:\/\/www.reuters.com\/technology\/cybersecurity\/hacker-uses-telegram-chatbots-leak-data-top-indian-insurer-star-health-2024-09-20\/\">Reuters report<\/a> said.<\/p>\n<p>This breach, potentially affecting over 31 million customers, underscores the growing threat of cybercriminals exploiting messaging apps to distribute stolen information.<\/p>\n<p>According to the report, the breach was first flagged by UK-based cybersecurity researcher Jason Parker, who discovered that two Telegram chatbots were offering access to Star Health customer data. 
The stolen data includes names, addresses, phone numbers, policy details, government ID numbers, and highly sensitive medical information such as test results and diagnoses.<\/p>\n<p>The data is available for free in small portions, while bulk data \u2014 amounting to 7.24 terabytes \u2014 is being offered for sale, according to a hacker using the alias \u201cxenZen.\u201d<\/p>\n<p>Parker\u2019s investigation revealed that the chatbots had been operational since at least August 6, 2024, offering access to Star Health customer data in PDF documents and specific datasets. Although Telegram removed the chatbots within 24 hours of being notified, new chatbots offering the same data quickly reappeared, underscoring the persistent challenges in policing illicit activities on the platform, the report added.<\/p>\n<p>The news agency has claimed that it could also download around 1500 files containing customer data.<\/p>\n<p>In response, Star Health confirmed the breach, stating that it has reported the incident to local authorities, including the Tamil Nadu cybercrime department and the national cybersecurity agency CERT-In.<\/p>\n<p>The company, which has a market capitalization exceeding $4 billion, claimed in a statement to the news agency that its initial investigation found \u201cno widespread compromise\u201d of customer data and that \u201csensitive data remains secure.\u201d However, media investigations have uncovered detailed personal information being shared, contradicting the company\u2019s initial assessment.<\/p>\n<p>As of now, Star Health has not provided an updated estimate of the extent of the breach or notified affected customers directly. 
Customers who have had their medical records and ID documents leaked, including individuals such as policyholder Sandeep TS, confirmed the authenticity of the exposed data but were not informed of the breach by the company.<\/p>\n<p>In an August 14 <a href=\"https:\/\/www.bseindia.com\/xml-data\/corpfiling\/AttachHis\/dba49f7c-3d82-4b32-8b72-341e31f11e10.pdf\">stock exchange filing<\/a>, Star Health acknowledged investigating a possible breach but only referred to \u201ca few claims data.\u201d As the full scope of the incident becomes clearer, this raises significant questions about the company\u2019s transparency and response protocols in managing such a critical security incident.<\/p>\n<h2 class=\"wp-block-heading\">Telegram: A haven for cybercriminals?<\/h2>\n<p>This breach illustrates the broader cybersecurity challenges posed by messaging platforms like Telegram, which allows users to create chatbots to automate tasks. With over 900 million active monthly users, Telegram has emerged as a favorite tool for cybercriminals seeking to distribute stolen data due to its relative anonymity and ease of use.<\/p>\n<p>Recently, Telegram\u2019s founder Pavel Durov was arrested in France over issues with content moderation and for \u201c<a href=\"https:\/\/www.csoonline.com\/article\/3498345\/telegram-ceo-allowed-platform-to-be-abused-by-criminals-french-prosecutors-allege.html\">allowing the platform to be used by criminals<\/a>.\u201d The company has since faced increasing scrutiny over its operations.<\/p>\n<p>Cybersecurity experts point to the exploitation of Telegram chatbots as part of a growing trend where criminals use increasingly sophisticated methods to monetize stolen data.
NordVPN cybersecurity expert Adrianus Warmenhoven commented on the rise of such incidents, stating, \u201cTelegram has become an easy-to-use storefront for criminals, and while the platform itself may not be responsible, it creates an environment ripe for abuse.\u201d<\/p>\n<p>A <a href=\"https:\/\/www.reuters.com\/technology\/stolen-data-600000-indians-sold-bot-markets-so-far-study-2022-12-08\/\">2022 survey<\/a> conducted by NordVPN highlighted that India had the largest number of victims among the five million people affected globally by chatbot-driven data sales, accounting for 12% of total victims.<\/p>\n<p>This breach at Star Health, given its scale and sensitive nature, could significantly worsen that statistic.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Sensitive customer data from Star Health and Allied Insurance, India\u2019s largest standalone health insurer, has been leaked via chatbots on the messaging platform Telegram, raising serious concerns about data security and privacy in the healthcare sector, a Reuters report said.
This breach, potentially affecting over 31 million customers, underscores the growing threat of cybercriminals exploiting [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":317,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-318","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/318"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=318"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/318\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/317"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}