Nandini YadavMay 22, 2019 11:07:24 IST
If you are a Truecaller user, take out a minute to read this.
According to a recently released report, data of Truecaller users — such as names, phone numbers and email addresses — around the world have been leaked and are available for sale on the dark web.
The breach was first found by a cybersecurity analyst and was reported by Economic Times. The report reveals that Indians account for 60-70 percent of Truecaller’s entire userbase (140 million) and their data is being sold for about €2,000, which converts to more than Rs 1,55,000. On the other hand, the data of global users are priced as high as €25,000, which is about Rs 20,00,000.
Reportedly, some sample datasets were found to be listed on sale containing various personal details like numbers, mobile service provider, state of residence, etc.
Meanwhile, Truecaller has denied any such breach and the leak of any sensitive information, it does say that it has found some of its users 'abusing their accounts'. When we reached out to a Truecaller spokesperson we were told that the company ran a "thorough investigation" and found no traces of a security breach and that none of its financial information or passwords were compromised.
According to the Truecaller spokesperson:
"It has been recently brought to our attention that some users have been abusing their accounts. In light of this event, we would like to strongly confirm at this stage that there has been no sensitive user information being accessed or extracted, especially our users financial/payment details.
Upon becoming aware of the incident, the team has been investigating the matter and has found a large percentage of the sample data received as evidence does not match or is not Truecaller data. However, we believe some users have been abusing their Truecaller account on our website for a period of time to search for numbers. With limits and other precautionary measures in place, the scale of these users and searches are limited. Since the platform has strict limits to prevent misuse of the application and website, these malicious users have been trying to search for numbers using their own account over a wide period of time to avoid getting blocked or flagged by our systems.
We would like to reinforce that this was not an attack on our database, as data stored on our servers is highly secured. We take the privacy of our users and the integrity of our services, extremely seriously. As we investigate, we will continuously implement new protocols to prevent any future attempts.”
Contrary to the company's claims, cyber experts continue to believe that such a large chunk of data could only be accessed by breaching the database of Truecaller.