A few weeks after Telegram’s founder was charged with enabling the platform to assist criminal activity, hackers made stolen customer data from Star Health publicly available. This data, including medical reports from India’s largest health insurer, is accessible via chatbots on Telegram.
The chatbots’ alleged designer told a security researcher that millions of people’s private information was available. Reuters learned about the issue when samples were revealed by asking the chatbots to display them.
Star Health and Allied Insurance, valued at over $4 billion, told Reuters in a statement that it had reported suspected unlawful data access to local authorities. According to the statement, an initial examination found “no widespread compromise” and that “sensitive customer data remains secure”.
Using the chatbots, Reuters obtained policy and claims paperwork containing names, phone numbers, addresses, and tax information. It also accessed copies of ID cards, test results, and medical diagnoses.

Dubai-based Telegram, with 900 million active monthly users, has become one of the largest messaging apps globally. Its growth is largely due to users’ ability to create chatbots.
Its Russian-born founder, Pavel Durov, was arrested in France last month. This has raised questions about Telegram’s content filtering and its potential for abuse in illegal activities. Durov and Telegram have responded to the criticism and denied any misconduct.
Telegram chatbots selling stolen data highlight the challenges Indian businesses face in protecting their information. The app also struggles to prevent unscrupulous agents from misusing its technology.
UK-based security researcher Jason Parker claimed that the Star Health chatbots have been in operation since at least August 6 and include a welcome message that says they are “by xenZen”.
Parker claimed he had posed as a prospective purchaser on an online hacker forum. A member using the handle xenZen claimed to have created the chatbots and to possess 7.24 terabytes of data on more than 31 million Star Health clients. The chatbot offers random, piecemeal access to the data for free, but the data can also be purchased in bulk.
Reuters could not determine how the chatbot’s designer obtained the data or independently confirm xenZen’s claims. In an email to Reuters, xenZen stated they were in talks with buyers, but they did not disclose who was interested or the reason for their interest.
Reuters downloaded around 1,500 files, some dated as recently as July 2024, in order to test the bots.
The welcome message said, “If this bot gets taken down, watch out and another one will be made available in few hours.”
After that, people reported the chatbots as suspicious, and they were labeled as “SCAM” with a stock warning. On September 16, Reuters shared details of the chatbots with Telegram. A day later, spokesman Remi Vaughn stated the chatbots had been “taken down” and asked to be notified if any more appeared.
“The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day.”
Since then, more chatbots have emerged that provide Star Health data.
Star Health said that on August 13, an unknown individual got in touch with it and claimed to have access to certain information. The insurer notified the federal cyber security agency CERT-In and the cybercrime department of Tamil Nadu, where it is based, of the incident.
“The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us,” it said in its statement.
Star Health, which is the largest standalone health insurance company in India, said in a stock exchange filing on August 14 that it was looking into a purported breach of “a few claims data”.
Representatives of CERT-In and the Tamil Nadu cybercrime department did not respond to emailed requests for comment.
Telegram lets individuals or companies store and share large volumes of data, all behind anonymous profiles. It also lets them build configurable chatbots that automatically provide content and features in response to user requests.
Star Health data is distributed by two chatbots. One provides claim forms in PDF file format. With only one click, users can request up to 20 samples from 31.2 million datasets, providing information such as policy number, name, and body mass index.
Records pertaining to the care given to policyholder Sandeep TS’s one-year-old daughter at a hospital in the southern state of Kerala were among the materials made available to Reuters. The medical history, blood test results, diagnosis, and a bill totaling almost 15,000 rupees ($179) were all contained in the paperwork.
“It sounds concerning. Do you know how this can affect me?” said Sandeep, confirming the documents’ authenticity. He said he was not informed of any data leak by Star Health.
The chatbot also disclosed a claim made last year by policyholder Pankaj Subhash Malhotra, which contained copies of his national ID cards, federal tax account information, and the findings of an ultrasound imaging test. He also attested to the authenticity of the documents and stated he had not been informed of any security breach.
The use of chatbots by hackers to sell stolen data is not unique to Star Health; it is a common practice. According to the most recent assessment of the epidemic, which NordVPN conducted at the end of 2022, India accounted for the greatest number of victims (12%) out of the five million people whose data was sold via chatbots.
“The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront,” said NordVPN cybersecurity expert Adrianus Warmenhoven. “Telegram has become an easier to use method for criminals to interact.”
