Hackers Share Stolen Data From India’s Largest Health Insurer via Telegram - 1

Photo by Accuray on Unsplash

Hackers Share Stolen Data From India’s Largest Health Insurer via Telegram

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a Rush? Here are the Quick Facts!

  • Hackers stole data from Start Health and shared it via Telegram chatbots
  • Reuters got access to more than 1,500 documents and confirmed the authenticity of selected documents
  • Star Health and Allied Insurance claims data is secure

Hackers shared data stolen from Star Health, India’s largest health insurer, through chatbots on Telegram according to a recent exclusive by Reuters .

The data included medical reports and were offered for sale through the platform. Malicious actors also provided samples through the chatbot which would provide information to anyone who asked it to view it.

Even though Star Health and Allied Insurance assured Reuters that sensitive information has not been compromised and that customers’ data remains secure—but did report unauthorized access to authorities in India—, the news agency was able to download documents that included tax details, names, phone numbers, test results, addresses, copies of IDs, and medical diagnoses through the chatbots.

During its research, Reuters was able to download 1,500 files, including recent results from July this year. “If this bot gets taken down watch out and another one will be made available in a few hours,” wrote the bot in a welcome message through the platform.

One of the chatbots provides PFD documents, and the other bot provides samples with sensitive information, up to 20, from 31.2 million datasets in just a few clicks. One of the documents retrieved by Reuters included details of the “treatment of the one-year-old daughter of policyholder Sandeep TS,” and the information was true and verified by TS, who was not notified by the health insurance company about the leak.

The chatbots were reported and taken down within 24 hours, but new ones reappear.

“The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools, and user reports to remove millions of pieces of harmful content each day,” said Remi Vaughn, a spokesperson from Telegram.

This story was shared just weeks after Telegram’s CEO Pavel Durov was arrested in France for not providing enough moderation and safety measures, allowing crimes through the platform.

Fake Walmart Lists Trick Shoppers Into Scams - 2

Image by Walmart from Flickr

Fake Walmart Lists Trick Shoppers Into Scams

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a Rush? Here are the Quick Facts!

  • Scammers use fake Walmart lists to impersonate representatives.
  • Victims are pressured into sharing personal, banking details.
  • Google ads display legitimate Walmart URLs, tricking users.

A new report by MalwareBytes reveals a scam targeting Walmart customers through fake virtual shopping lists. These lists, designed to look like legitimate customer service pages, trick shoppers into calling fraudulent numbers operated by scammers.

Once on the line, scammers impersonate Walmart representatives, requesting personal information, which could be used for malicious purposes.

The scammers have taken advantage of a feature on Walmart’s website called “Walmart Lists,” which allows registered users to create and share virtual shopping lists.

By embedding rogue customer service numbers into these lists and promoting them through Google ads, scammers deceive victims into believing they are contacting Walmart.

Once a victim calls the number, the scam escalates quickly. The scammers, posing as Walmart customer service agents, inform the caller of a supposed fraudulent charge on their account.

The victims are pressured to provide more sensitive details, including banking information and social security numbers.

In some cases, victims are falsely accused of money laundering and threatened with arrest unless they transfer money into a Bitcoin wallet.

The call center uses multiple scammers, each posing as different authorities such as supervisors, bank employees, and even Federal Trade Commission (FTC) investigators.The scam preys on consumers’ trust in official websites and fear of criminal accusations.

This report highlights the evolving tactics scammers use to exploit online users, and underscores the importance of staying vigilant while shopping or contacting customer service online.