Truecaller acknowledges getting hacked, refutes storing social network credentials

truecaller-1

Truecaller has issued a statement regarding hacking claims from Syrian Electronic Army earlier this morning. The company acknowledged a cyberattack on its website but refuted claims that it stored account details of its user’s social networks using which the hackers could gain control of those accounts. “Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our user’s Facebook, Twitter, or any other social media passwords,” the company said in the statement.

Truecaller is still working to find the extent of damage. Here’s the complete statement.

Truecaller experienced a cyberattack on our website that resulted in an unauthorized access to some data. We were able to shut it down moments after we discovered it. Our investigation into the matter indicates the attackers were able to access ‘tokens’, which was immediately reset. Metaphorically speaking, a ‘token’ is a unique lock for each user, but what the attackers did not acquire is the needed key, which has also been reset.

Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our user’s Facebook, Twitter, or any other social media passwords.

We are still investigating the extent of unauthorized access of our database. We have outlined steps to help us deal with the situation. These steps include more complex security measures and various other tools we want to keep within the company.

We feel it is crucial to publicize the attack because it is important that we keep true to the honesty and integrity of the Truecaller brand.

We want to thank our users for their patience, as we are still investigating and acquiring information.