Hacker Uses Telegram Chatbots To Leak Data From Top Indian Insurer

A hacker has compromised the systems of Star Health one of India’s largest health insurers and leaked sensitive data using Telegram chatbots, as reported by Reuters. The hacker, identified as “Robin Hood” on Telegram claimed to have accessed Star Health’s database and leaked personal data of policyholders, including names, phone numbers, and addresses. The leaked data also included sensitive medical information such as policy details and claim history.  The hacker’s Telegram channel had over 1,500 subscribers indicating an uncanny interest in the leaked data.

According to Reuters, the hacker used Telegram chatbots to spread the leaked data allowing users to search for and access specific policyholders’ information. The chatbots were programmed to provide information on policyholders’ claims history, policy details, and other sensitive data. Star Health confirmed the data breach stating that it was investigating the incident. “We are investigating the matter and taking necessary steps to protect our customers’ data,” a Star Health spokesperson told as quoted by Reuters.

Also, read| Telegram Reaches 10 Million Paid Subscribers, Announces CEO Pavel Durov

Star Health stated that an unidentified person contacted them on August 13 claiming access to some data and they reported this to authorities and assured customers that privacy is paramount. Star Health also assured that it would notify affected policyholders and take measures to prevent future breaches. “We apologize for the inconvenience caused and assure our customers that we are taking all necessary steps to safeguard their data,” the spokesperson added. Reuters also reported that the Indian Computer Emergency Response Team (CERT-In) and the Insurance Regulatory and Development Authority of India (IRDAI) were informed about the breach.

How did the data leak happen?

• Telegram allows anonymous accounts to store and share large data amounts through customisable chatbots that provide content based on user requests.
• Here, two chatbots distributed Star Health data. One chatbot offered claim documents in PDF format. The other allowed users to request up to 20 samples from 31.2 million datasets.
• Documents disclosed to Reuters included a policyholder’s daughter’s medical records, diagnosis, blood test results, and medical history.
• Reuters tested the chatbots and downloaded over 1,500 files including documents dated July 2024 and the chatbots were later marked “SCAM” by Telegram.

Since Telegram’s CEO Pavel Durov’s arrest in France last month sparked controversy and has increased scrutiny of Telegram’s content moderation and tolls that may be a chance for criminal doings, Durov currently addresses such issues and denies such criminal activities on the platform.

Also, read| Telegram CEO Pavel Durov Finally Breaks Silence After The Arrest In France