A Telegram Bot Is Selling Indians’ Personal Data for ₹2.50 Per Search
By Asad Ashraf
June 9, 2026
Twenty-three-year-old Maryam Siddiqui (name changed) was trying to leave her family, where she said she had been facing harassment from an extended family member. She left her home in a small town in Bihar and travelled to Patna without informing her parents. After searching for her for ten days and filing a police complaint, her family was advised by a friend to use a bot that illegally tracks a person’s exact location, provides detailed coordinates and reveals sensitive personal information. In most legal systems, such unauthorised access to and disclosure of personal data would be considered a serious data breach.
Speaking to Newsreel Asia, Suhail (name changed) said the family was surprised when they found his sister at the exact location indicated by the application. He said they were also able to access a range of her personal information through the platform.
The bot on Telegram leaks sensitive details, including Aadhaar numbers, passport numbers, current and previous addresses, and parents’ names.
“In that particular situation, it was a blessing in disguise. But it also appears dangerous because it reveals highly sensitive personal information about an individual, including all mobile numbers used in the past, Aadhaar card details, and several other pieces of private data,” he said.
The bot, named Hiteckgroop, claims to have access to over 680 million (68 crore) records of people living in different parts of India, sourced from breaches involving Big Basket, Alien Text Base, 1Win and others.
When Newsreel Asia tested the bot using this reporter’s mobile number, it was possible to access and verify sensitive personal information, including PAN card details, passport information, Aadhaar numbers, family records and location data. The information could be retrieved using nothing more than a mobile number, with some data sets available for as little as ₹2.50.
Another user, who also requested anonymity, told Newsreel Asia that he had been using the bot to market and sell products by targeting customers on the basis of geographic, demographic and vehicle-related data, which he said helps determine a person’s income group. “I have been using this bot for some time to grow my online business by targeting customers through carefully selected data, and the results so far have been positive,” he said.
Newsreel Asia could not identify the original source of the bot, which identifies itself as Danger_devil1917. Despite multiple attempts to contact the admin, there was no response.
Another user, “Ravi” (name changed), told Newsreel Asia that he had been using the bot to verify prospective tenants and customers. “Initially, I used it out of curiosity after a friend shared it with me. Later, I realised how much information it could reveal about a person with just a phone number. It felt convenient at first, but the more I used it, the more unsettling it became. I could access details that I don’t think any ordinary citizen should be able to obtain so easily,” he said. “The worrying part is not that the information exists somewhere, but that it is available instantly and at such a low cost. Anyone can use it without any real oversight.”
Amit (name changed), who also uses the bot, said, “What surprised me was the sheer volume of information available through a single search. Within minutes, I could access details that would normally require official documents or consent. It made me wonder how many people’s personal data is circulating online without their knowledge.”
Privacy and cybersecurity experts have repeatedly warned that large-scale data leaks may carry consequences well beyond financial fraud. In recent years, several alleged breaches involving government databases, telecom records and private-sector platforms have raised serious concerns about the security of personal information in India. These incidents have exposed sensitive details ranging from names and addresses to Aadhaar-linked information, and have enabled identity theft, profiling, targeted scams and unauthorised surveillance.
The emergence of tools that can aggregate information from multiple leaked databases has significantly amplified this risk. Where individual breaches may reveal only fragments of a person’s digital footprint, aggregation platforms can combine disparate datasets to produce detailed profiles, covering family connections, location history, financial records and identity documents. Cybersecurity researchers have come to regard such aggregation as a force multiplier, one that turns isolated leaks into a comprehensive privacy threat.
Rupesh Mittal, a cybersecurity expert and advocate, told Newsreel Asia that the kind of data available through the bot has almost certainly originated from institutional breaches rather than individual-level hacking. Organisations that collect personal data at scale, whether private companies, healthcare providers, or government agencies, have in recent years proved vulnerable to sustained cyberattacks. When their databases are compromised, the extracted records tend to migrate to dark web forums, where they are sold, recombined with records from other breaches, and eventually find their way into aggregation tools of precisely the kind reported here.
“These data leaks are taking place through breach of data of organisations” and the real solution is to prevent those organisations from suffering data breaches in the first place, he said.
Mittal also said that tools of this kind have at times been used by law enforcement agencies to track individuals, raising questions about the legal basis for accessing such data and the oversight mechanisms governing its use. The same database that helped a family in Bihar locate a missing relative could, in different circumstances, be used by state authorities for surveillance.
Within India, the 2023 breach of the Indian Council of Medical Research exposed the personal information of over 815 million (81.5 crore) Indians, including Aadhaar and passport details, names, phone numbers, and addresses, and demonstrated how data extracted from a public health infrastructure could surface almost immediately on dark web marketplaces.
Shoshana Zuboff, professor emerita at Harvard Business School, argued in her 2019 book “The Age of Surveillance Capitalism” that personal data has become a raw material extracted from human experience and converted into behavioural prediction products sold to third parties. The Telegram bot reported here is a vernacular, illicit version of exactly this logic.
You have just read a News Briefing, written to cut through the noise and present a single story for the day that matters to you. We encourage you to read the News Briefing each day. Our objective is to help you become not just an informed citizen, but an engaged and responsible one.
