New information online claims that the personal data of lakhs of users in India from the caller identity app Truecaller is available for sale online. The personal data of users include their names, email addresses, and phone numbers. The information also noted that the data on sale is not limited to Indian customers and instead, it likely covers almost all Truecaller users. The only difference here seems to be the fact that the data of Indian users is available for about Rs 1.5 lakh or 2000 Euros while data for the rest of the users is set to “as high as 25,000 Euros.
According to a report by The Economic Times, the availability of the data was spotted by a cybersecurity analyst who keeps track of such transactions on the dark web. For the people who may not be aware of the dark web, it is a section of the internet that is not directly available by casual users. In response to the initial report, Truecaller noted that it has not suffered any data breach or any database leak. In fact, the company noted that it found instances where some of its own users were misusing the platform. As part of the misuse, they were using the app to scrape or copy the personal data of multiple users. For the people unaware of this, Truecaller does allow its users to search for unlimited numbers.
In a statement noted in the report, Truecaller representative added, “It has been recently brought to our attention that some users have been abusing their accounts.” He went on to add “In light of this event, we would like to strongly confirm at this stage that there has been no sensitive user information being accessed or extracted, especially our users financial or payment details”. It also stated, “The team has been investigating the matter and has found a very large percentage of the sample data does not match or is not Truecaller data”. The report noted that random numbers used to search the database showed results that were identical to the one that was provided by the security analyst.
Furthermore, Truecaller stated that after investigating accounts for misusing the provided feature on the platform, the company has already put in daily limits on the number of mobile numbers that an account can search in a single day. The company reiterated, “We would like to reinforce that this was not an attack on our database, as data stored on our servers is highly secured. We take the privacy of our users and the integrity of our services, extremely seriously. As we investigate, we will continuously implement new protocols to prevent any future attempts.” However, the report noted that this much amount of data can only be acquired with the help of a database breach.