Reports of a Telegram bot openly peddling sensitive personal data of Indian citizens for as little as Rs 99 has shocked netizens. This alarming discovery highlights a significant cybersecurity threat, with crucial information accessible to anyone with a mobile number and Telegram not putting any leash on it.
According to a report from Digit, the Telegram bot allows users to purchase comprehensive personal profiles of Indian citizens. For a mere Rs 99 per search, or Rs 4,999 for unlimited monthly access, individuals can obtain details including Aadhaar numbers, PAN details, voter IDs, full addresses, father’s names, and even alternate phone numbers, simply by inputting a mobile number.
The data provided by the bot was found to be remarkably accurate and relatively current, with some information dating back three to four years. This readily available information poses a severe risk, enabling various illicit activities such as identity theft, fraudulent Know Your Customer (KYC) registrations, and loan scams.
It is said that the vast trove of data has likely been amassed over several years from multiple breaches affecting public utilities, fintech applications and telecom companies. It is believed to be stored in a clandestine database, possibly on the dark web or a private server. The sale of such highly sensitive information presents a substantial national security concern. Malicious actors could exploit this data for fake KYC procedures, obtaining fraudulent loans, unauthorised access to bank accounts, SIM card cloning, and creating false digital identities.
Although the name of the Telegram bot has been withheld by the source, it underscores the urgent need to raise awareness about cybersecurity. It is also surprising to see platforms like Telegram permit such bots to operate without stringent regulatory action, given their past involvement in piracy and other harmful activities. What’s even more surprising is how the authorities turn a blind eye to the shady digital ecosystem breeding on platforms like Telegram, with no action being taken to regulate activities.
How to stay safe from potential cyberattacks
While leaked databases put everyone at risk, there are a few activities that you can undertake to secure your data. Netizens are advised to lock their Aadhaar numbers, exercise extreme caution with unsolicited requests for personal information, and promptly report any suspicious cyber activities or fraud.
