Star Health Customer Data Leaks Through Telegram Chatbot Created By Hackers
JAKARTA Personal customer data, including medical reports from India's largest health insurance company, Star Health, can be accessed publicly via chatbots on the Telegram app. This happened just weeks after the Telegram founder was accused of allowing the app to be used to facilitate criminal activity.
A hacker suspected of making the chatbot told a security researcher, who later told Reuters that the personal details of millions of people were sold via chatbots, and data samples could be accessed by asking chatbots to provide information.
Star Health and Allied Insurance, an insurance company that has a market cap of more than $4 billion, said in a statement to Reuters that it had reported unauthorized data access to local authorities. Preliminary assessments show no widespread data breaches and that customer sensitive data remains secure.
However, Reuters managed to download policy documents and claims that included names, phone numbers, addresses, tax details, ID card copies, test results, and medical diagnosis through the chatbot.
The widespread use of chatbots on Telegram has helped the app become one of the largest messaging platforms in the world, with 900 million monthly active users. However, the arrest of Telegram founder Pavel Durov in France last month has increased scrutiny of content moderation and features that could be misused for criminal purposes.
SEE ALSO:
Hackers with the pseudonym "xenZen" claim to have 7.24 terabytes of data from more than 31 million Star Health subscribers. The data is available randomly via chatbots, but can be sold in bulk. The media has not been able to independently verify xenZen claims.
Star Health reported the matter to the department of cybercrime in its home state, Tamil Nadu, and India's National Cybersecurity Agency (CERT-In). The insurance company insists that illegally obtaining and disseminating customer data is illegal, and they are working with law enforcement to deal with these criminal activities.
Sementara itu, Telegram telah menghapus chatbot tersebut setelah Reuters menghubungi mereka, tetapi chatbot baru segera muncul menawarkan data pelanggan Star Health yang sama. Telegram menyatakan bahwa berbagai informasi pribadi di platform mereka dilarang keras dan konten semacam itu dihapus ketikan ditemukan.