Reuters reports that Star Health, the largest health insurance provider in India, had stolen data from more than 31 million of its customers exposed by a pair of Telegram chatbots created by the threat actor "xenZen," which have been operational since early August.
Despite the shutdown of both chatbots — which provided free access to up to 20 data samples from 31.2 million datasets and PDF-based claim documents — more have emerged to distribute the stolen data. While over 1,500 files downloaded by Reuters from the chatbots included names, addresses, phone numbers, tax information, ID card copies, medical diagnoses, and test results, Star Health has emphasized the lack of widespread compromise based on its initial investigation. Such a development comes just weeks after Telegram CEO Pavel Durov was arrested by French authorities over the platform's inadequate content moderation. "The fact that sensitive data is available via Telegram is natural, because Telegram is an easy-to-use storefront. Telegram has become an easier to use method for criminals to interact," noted NordVPN cybersecurity expert Adrianus Warmenhoven.
