Breaking News
Experts suspect earlier breaches from telecom, fintech, or public databases may have fueled this alarming data leak.
A shocking case of digital privacy violation has emerged in India as a Telegram bot is reportedly selling sensitive personal data of Indian citizens for as little as ₹99 per request. The bot, which is openly accessible on the messaging app Telegram, enables users to retrieve comprehensive identity profiles using just a 10-digit mobile number—posing a major threat to data privacy, cyber security, and national digital infrastructure.
According to a recent investigation, the bot provides alarmingly accurate information such as Aadhaar numbers, PAN card details, voter IDs, current and previous residential addresses, phone numbers, and even family details. In some cases, the data is shockingly up to date—only 3 to 4 years old—which raises concerns about its source.
Cybersecurity experts believe the leaked data may have originated from earlier breaches involving telecom operators, fintech platforms, public utilities, or Aadhaar-linked databases. The ease of access and low pricing—₹99 for single lookups and up to ₹4,999 for bulk or unlimited monthly queries—indicate a well-structured, monetized operation exploiting gaps in India’s data protection framework.
The bot’s functionality was tested using phone numbers of the investigation team’s own members, and results revealed real names, alternate contacts, and precise address histories, validating the scope and authenticity of the leak. This incident highlights a serious loophole in data governance, especially with India still implementing its Digital Personal Data Protection Act (DPDP Act), 2023.
With rising cyber fraud cases and identity theft incidents across India, this Telegram bot leak is a wake-up call for regulatory bodies, citizens, and organizations to strengthen cybersecurity measures, enforce strict data-sharing policies, and urgently investigate the source of the breach. The incident also underscores the growing misuse of encrypted messaging platforms like Telegram for illegal data trade and calls for faster implementation of digital privacy regulations.
Authorities are being urged to take swift action to block the bot, investigate the breach’s origins, and hold entities accountable for any negligence that may have led to this massive data exposure.
According to a recent investigation, the bot provides alarmingly accurate information such as Aadhaar numbers, PAN card details, voter IDs, current and previous residential addresses, phone numbers, and even family details. In some cases, the data is shockingly up to date—only 3 to 4 years old—which raises concerns about its source.
Cybersecurity experts believe the leaked data may have originated from earlier breaches involving telecom operators, fintech platforms, public utilities, or Aadhaar-linked databases. The ease of access and low pricing—₹99 for single lookups and up to ₹4,999 for bulk or unlimited monthly queries—indicate a well-structured, monetized operation exploiting gaps in India’s data protection framework.
The bot’s functionality was tested using phone numbers of the investigation team’s own members, and results revealed real names, alternate contacts, and precise address histories, validating the scope and authenticity of the leak. This incident highlights a serious loophole in data governance, especially with India still implementing its Digital Personal Data Protection Act (DPDP Act), 2023.
With rising cyber fraud cases and identity theft incidents across India, this Telegram bot leak is a wake-up call for regulatory bodies, citizens, and organizations to strengthen cybersecurity measures, enforce strict data-sharing policies, and urgently investigate the source of the breach. The incident also underscores the growing misuse of encrypted messaging platforms like Telegram for illegal data trade and calls for faster implementation of digital privacy regulations.
Authorities are being urged to take swift action to block the bot, investigate the breach’s origins, and hold entities accountable for any negligence that may have led to this massive data exposure.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
