Truecaller hacked; millions of user records reportedly compromised

The Syrian Electronic Army has allegedly struck again, this time against the database of the global phone directory Truecaller...

The Syrian Electronic Army has struck again. This time, the damage may be considerable because hackers seem to have gotten inside the system of Truecaller. Truecaller is a cross-platform global phone directory that allows users to identify a caller by either their name or the number from anywhere in the world.

The news first came when the Syrian Electronic Army (S.E.A) posted a tweet saying that they had hacked into the Truecaller website. In the tweet, the S.E.A showed a sardonic sense of humour by apologising to the website, while rationalising that they needed Truecaller’s database.

In another tweet, the group published the database host address, database name, username and password in plain text. This has gone a long way towards proving that the hack was genuine and that the group did, in fact, get away with a great deal of data.

Syrian Electronic Army reveals personal information stolen from Truecaller



According to E Hacking News, the S.E.A has stated that they hacked into the Truecaller server and got away with more than 7 databases. The report puts the main Truecaller database at 450GB.


According to the report, the downloaded databases include truecaller_ugc (459GB), truecaller (100GB), truecaller_profiles (4GB), truecaller_api (123KB), truecaller_PushMe (2.2KB), tc_admin (7MB) and tc_www (70MB).

What is really scary for all Truecaller users is that the stolen databases allegedly contained the access codes of more than a million Facebook, Twitter, LinkedIn and Gmail accounts. All this has the potential not only to compromise personal data, but also to allow hackers to post updates from any of the victims’ accounts. The hackers have claimed that it was the outdated WordPress the website was using that gave them easy access to the admin panel.

However, Truecaller has now issued a statement saying that the cyberattack is not as grave as is being reported. On its official company blog, the site has said that the unauthorised access let hackers get away with access "tokens", which were immediately reset. The company has said, “Metaphorically speaking, a ‘token’ is a unique lock for each user, but what the attackers did not acquire is the needed key, which has also been reset.”


Furthermore, the company has said that it does not store passwords, credit card information, or any other sensitive information about its users. Thus, the Syrian Electronic Army’s claim that it got away with social media and email account passwords is false, according to the company. Stating that a proper investigation into the matter is under way, Truecaller says it plans to introduce more complex security measures to prevent any such attacks in the future.