A disturbing new investigation has uncovered a Telegram bot that is brazenly selling highly sensitive personal data of Indian citizens—including Aadhaar numbers, PAN card details, voter IDs, and residential addresses—for as little as ₹99. First reported by Digit, the bot operates openly on the encrypted messaging platform, allowing users to retrieve comprehensive personal profiles by simply entering a 10-digit mobile number.
The investigation revealed that the bot delivers results within seconds, offering full names, father’s names, alternate contact numbers, current and previous addresses, and even scanned identity documents. The pricing model starts at ₹99 per individual request and scales up to ₹4,999 for bulk or unlimited monthly access, making the service disturbingly affordable and accessible.
To verify the authenticity of the data, the publication tested the bot using mobile numbers belonging to its editorial team. The results were accurate and up to date, in some cases reflecting information from just three to four years ago. While the precise source of the leak remains unclear, experts suspect it may be linked to historic breaches involving telecom providers, fintech applications, and public utilities.
Telegram bots are a standard feature and can be developed by anyone to automate tasks or integrate services. However, the misuse of this capability to facilitate large-scale privacy violations exposes a serious gap in oversight and moderation on encrypted platforms.
Grave Implications for Privacy and Security
Cybersecurity experts warn that such tools can be exploited for a wide range of malicious activities including:
Identity Theft
SIM Swapping
Fraudulent KYC Verification
Financial Scams
Harassment and Impersonation
With personal information so readily available, threat actors can easily impersonate individuals to gain unauthorized access to bank accounts, commit fraud, or exploit social engineering vulnerabilities.
This incident also revives concerns following the massive data breach reported earlier this year, where over 16 billion credentials were found circulating online. It underscores a harsh reality: in the digital age, personal privacy is becoming increasingly elusive.
The Need for Urgent Regulatory Action
Despite recurring concerns about Telegram being used for piracy, illegal drug sales, and now data trade, enforcement and regulatory action remain minimal. The availability of such bots with little to no oversight raises critical questions about platform accountability, data protection enforcement, and the adequacy of India’s cybersecurity framework.
How to Safeguard Your Data
In light of this alarming development, citizens are urged to take proactive steps to protect their digital identities:
Lock your Aadhaar via the official UIDAI portal
Avoid using unverified apps and websites
Never share OTPs or personal data over phone calls
Be alert to suspicious SIM porting or KYC requests
Audit your digital footprint regularly
Report incidents via the national cybercrime helpline (1930) or cybercrime.gov.in
This episode highlights the critical need for stronger data protection laws, stringent enforcement mechanisms, and responsible platform governance. Until then, the onus remains on individuals to remain vigilant and take every possible measure to secure their personal information—because in today’s digital marketplace, your identity can be traded for less than the cost of a cup of coffee.
Recent Random Post:
