In a deeply concerning revelation, a Telegram bot has been found selling sensitive personal information of Indian citizens for as little as Rs 99, according to a report by Digit. The bot enables users to access full personal profiles by simply entering a mobile number.
The bot offers two pricing tiers:
Rs 99 per search
Rs 4,999 for unlimited monthly access
Upon entering a phone number, the bot reportedly provides data including:
Aadhaar number
PAN card details
Voter ID
Full address
Father’s name
Alternate phone numbers
Shockingly, the information supplied was found to be largely accurate and up to date, with some entries dating back 3–4 years. Experts believe this vast dataset has been compiled from multiple breaches, likely involving:
Public utility platforms
Fintech apps
Telecom service providers
The stolen data is believed to be stored either on the dark web or on a hidden private server.
This breach represents a significant national security concern, enabling:
Fake KYC procedures
Loan scams and financial fraud
Unauthorized bank access
SIM card cloning
Creation of fraudulent digital identities
Such widespread misuse of private data could have far-reaching implications for millions of Indian citizens.
The bot’s continued operation raises concerns over Telegram’s lack of regulation and content monitoring. While the specific bot's name was not revealed in the report, experts stress that Telegram’s history with piracy and shady operations demands stricter scrutiny.
Moreover, the absence of action by law enforcement or cyber regulators has drawn criticism. Many are questioning how platforms like Telegram are still being used to enable illegal trade in sensitive personal data without any accountability.
While large-scale data breaches are difficult for individuals to prevent, users can take steps to safeguard their digital footprint:
Lock your Aadhaar using UIDAI services
Avoid sharing personal details over unverified calls or emails
Use strong, unique passwords for financial accounts
Monitor your credit reports for suspicious activity
Report suspicious apps, messages, or transactions to cybercrime.gov.in
This incident serves as a critical warning about the vulnerabilities of India’s digital infrastructure. The ease with which private data is being sold for Rs 99 underlines the urgency for regulatory reforms, both in terms of data privacy laws and platform accountability.
The discovery of a Telegram bot selling sensitive personal data of Indian citizens for just Rs 99 raises serious questions about data security and the lack of regulation on encrypted messaging platforms. With access to Aadhaar, PAN, voter IDs, and full personal profiles, this breach poses a massive threat to individual privacy and national security.
While the bot's identity has not been publicly revealed, its existence highlights Telegram’s ongoing struggles with content regulation and the urgent need for law enforcement intervention. Such accessible and accurate data fuels a range of cybercrimes—from identity theft and SIM cloning to fraudulent financial transactions.
Until stricter data protection laws are enacted and enforced, the responsibility lies with users to protect themselves. Locking Aadhaar, avoiding suspicious links, and reporting cyber fraud are essential steps.
Ultimately, this breach should serve as a wake-up call for the government, citizens, and digital platforms to prioritize cybersecurity before the next crisis hits.