Star Health Insurance — the Indian giant providing cashless health coverage to its customers under a network of 14,000 hospitals, as well as other services — recently confirmed a data breach affecting 31 million people.
The breach, followed by Telegram chatbots leaking millions of lines of compromised data from Star Health Insurance customers, is now moving to court as the company sues Telegram, Cloudflare, and the threat actor behind the hack.
Experts tell Techopedia about the scale and importance of the breach — and what it might mean for Star Health Insurance customers.
Key Takeaways
- A significant Star Health Insurance data breach exposed the personal information of 31 million customers, including sensitive details like mobile numbers, addresses, and medical conditions.
- Telegram bots were used to distribute the leaked data, and Cloudflare’s services were allegedly involved in hosting the data.
- Star Health Insurance has filed lawsuits against Telegram, Cloudflare, and the hacker responsible for the breach.
- The leaked data poses a serious risk of phishing, fraud, cyberattacks, and scams.
Star Health Insurance Takes the Breach to Court
On October 10, local media from India reported that the Madras High Court had already taken up the Star Health Insurance breach case.
After the hacker known as ‘xenZen’ created Telegram bots to disseminate data from 31,216,953 customers and 5,758,425 company claims, the company is turning to the courts to end the distribution of sensitive data.
The exposed data includes personal information such as mobile numbers, addresses, and pre-existing medical conditions from millions of customers.
The hacker xenZen also developed a website with sample data from the breach. Naturally, xenZen’s motivation is to sell the data repeatedly. Media reports say that xenZen is asking for $150,000 for the entire dataset and $10,000 for smaller batches with 100,000 entries each.
Experts worry that the amount of data exposed will fuel a wave of phishing, fraud, cyberattacks, and scams.
Star Health Insurance said in a communication:
“We also timely approached the Madras High Court which, in the attached order, has directed all including certain third parties to disable access to the relevant information. We are diligently pursuing the implementation of this order.
“We also want to emphasize that any unauthorized acquisition, possession, or dissemination of customer data is illegal. We urge all platforms, hosting companies, social media channels, and users to take swift and decisive action to halt such activities and comply with the orders of the High Court.”
How Telegram Bots Can Serve Cybercriminals
In search of clarity on how xenZen Telegram bots were used to distribute millions of people’s personal data, we interviewed several cybersecurity experts.
Erich Kron, a security awareness advocate at KnowBe4, a company that helps organizations strengthen their cybersecurity culture and human elements, told Techopedia that these bots can view or access unencrypted data before it is sent via encrypted means.
“At the most simplistic level, these bots are simply programs that are going to monitor conversations for keywords or perform other actions.”
If a hacker creates a Telegram chatbot and provides it with a database of leaked data from 31 million people, the chatbot becomes capable of providing different answers to users.
For example, a user could ask if his data is compromised, and the chatbot would answer.
A user could also ask for more specific information, such as “list all exposed data that include enterprise clients.”
The dangers of such chatbots are extremely serious.
MacKenzie Brown, VP of the Adversary Pursuit Group at Blackpoint Cyber, a Managed Detection and Response solution provider, told Techopedia that chatbots on Telegram can be conduits for additional danger as they are being leveraged to maliciously access exposed data (such as Star Health’s data).
“Simply, anyone else curious enough was able to leverage the same capability themselves to ask chatbots now for any of the stolen data.”
Will the Madras High Court Open the Telegram Legal Floodgates?
As mentioned, Star Health Insurance has filed lawsuits against Telegram, Cloudflare, and the hacker xenZen. The company claims Telegram and Cloudflare played a vital role in facilitating the distribution of the leaked data.
The Madras High Court in Chennai has already issued temporary injunctions, demanding Telegram block any chatbot distributing the data. This new court case is expected to unfold as Telegram’s founder and CEO, Durov Pavel, faces a case in France for allowing alleged criminal activity on his messaging app, including drug trafficking, malware distribution, misinformation, and underage pornography content distribution.
The big legal argument, especially by Durov’s defense and echoed by those who advocate for Durov’s release, is whether platforms are responsible for the content they host.
David Redekop, the CEO of ADAMnetworks, a proactive cybersecurity company, took us back to 1934 to answer that question.
“In the US, the frequently-referenced Section 230 — a section of the Communications Act of 1934 that was enacted as part of the Communications Decency Act of 1996, which is Title V of the Telecommunications Act of 1996 — generally provides immunity for online computer services with respect to third-party content generated by its users,” Redekop said.
Redekop added that this 1934 section still protects all companies today, including Telegram and Cloudflare.
“It is well-known that pig butchering scams, among other crimes, make use of Cloudflare’s services as it hides their identity from everyone but Cloudflare. But then Cloudflare is protected by Section 230. Telegram is protected in the U.S. in the same way as Cloudflare.
“It remains to be seen what justice Madras High Court can serve companies whose Terms of Service technically require justice to be served in their headquartered jurisdiction,” Redekop said.
“My opinion is that the law moves too slowly to combat the innovation of criminals.”
Kron from KnowBe4 said that platforms and providers need to do their due diligence when hosting or serving content. This includes having ways to quickly report malicious or illegal content, deploying automation to look for potentially illicit materials, and having a process for actively blocking problematic digital content.
“Having these controls in place should limit the amount of responsibility that falls on the platforms and providers. However, it should be shown that these controls are legitimate and being used in good faith and are tested continuously.”
Responding to whether every government or breached company and organization will pursue legal cases against Telegram in the near future, Kron said that this would largely be influenced by the outcome of the pending cases and how the arguments could be applied to laws and regulations in other countries and against other providers.
“In the event the courts find responsibility falling on Telegram and Cloudflare, I would expect that lawsuits will be filed quickly after the fact, especially if there are no regional rules that specifically exclude these organizations from responsibility,” Kron said.
“If the arguments are valid and apply to other countries, this is going to be a very interesting thing to watch,” Kron said.
The Bottom Line
At first glance, the Star Health Insurance breach and the legal cases around it present themselves as complex issues. However, nothing could be further from the truth.
A hacker got hold of data from 31 million people and illegally leaked it over the internet and through Telegram using Telegram chatbots. The hacker is doing all of this for nothing but money, and those who buy the stolen data will leverage it in cyberattacks.
Star Health Insurance has, within its rights, brought the case to the Indian courts to seek supportive action and to hold accountable those it believes responsible for negligence and malice.