Telegram is at the centre of a data breach yet again. In August this year, when the app’s founder and CEO Pavel Durov was arrested in France for alleged criminal activity on the platform and for not aiding the investigation in the case by withholding data from the team, Telegram had said that it was “absurd to claim that a platform or its owner are responsible for abuse of that platform.”
However, after Durov secured bail from police custody, having had to pay $5.56 million in fines, Telegram noted that it will now be making changes on the platform to increase transparency with law enforcement agencies by handing over user data to them, when enquired, in an attempt to decrease any malicious activities on the platform.
But the platform, which has over 900 million users globally, continues to see data privacy concerns crop up as news of leaks keeps users worried.
Star Health Breach
On October 9, Star Health Insurance was hit by a cyber attack, which it said, caused “unauthorised and illegal access to certain data.” Even though the health insurance provider only confirmed the attack in October, news about it had emerged weeks ago in September.
In this breach, the personal data of 3.1 crore people who held insurance policies with Star Health was made public through Telegram chatbots. Close to 5.8 million insurance claims were also made public.
Though Telegram took down the chatbots that the hackers were using to sell the data to potential buyers, many “samples” had already been made publicly accessible, including phone numbers, addresses, ID cards, tax reports, etc. User “xenZen” allegedly created the chatbots that shared this information with buyers upon request.
After the Telegram bots were marked “suspicious” by the platform, a website allegedly emerged where the hackers wrote, “You can check the authenticity of the data in the Telegram bots and read about how they sold it.”
Interestingly, before even acknowledging the attack, Star Health had already taken Telegram to the Madras High Court for “hosting the chatbots” that eventually sold the data. However, this isn’t the first time that data breach concerns have engulfed Telegram.
The CoWIN drama
In June last year, the private information of thousands of Indians — who had been registered on the CoWIN app to get their Covid vaccines — was leaked online via a Telegram bot.
In this data breach, phone numbers, Aadhaar details, passport details, etc, were made public – including the private data of public figures like pformer Union health minister Harsh Vardhan, Congress’ KC Venugopal, and Kerala minister Veena George, among others.
More recently, in June this year, the National Testing Agency’s UGC NET exam paper was leaked on the platform one day before the exam was to be held, leading to the paper being cancelled, which affected over 9 lakh people. Similarly, the NEET UG and PG papers were also allegedly found on the app before the exam was held, ready to be sold at prices touching lakhs of rupees.
There are a host of other problems too. In May this year, the Securities and Exchange Board of India hit a Telegram operator with a Rs 50 lakh fine for manipulating the stock market and prices.
Problems like circulation of pirated content, pornography, etc, have been consistent with Telegram too.
But why Telegram?
But why has Telegram been involved in so many cybersecurity breaches with citizens’ data left accessible for anyone on the platform to see? For one, the platform has easy ways you can connect with people globally. It gives you options to create chatbots that a lot of users employ to share the breached information. Telegram is also known for the anonymity it provides to its users.
Up until its recent announcement about being more transparent, Telegram would not share the data of its users, as a policy. That seems to be changing quick now though.
