Indian Truecaller users’ data on sale, company denies breach
After an online intelligence firm flagged that a cybercriminal was selling Truecaller records of 4.75 crore Indians on dark web for just about Rs 75,000, the Swedish caller identification app on Wednesday denied any breach of its database.
“There has been no breach of our database and all our user information is secure. We take the privacy of our users and the integrity of our services extremely seriously and we are continuously monitoring for suspicious activities,” a Truecaller spokesperson said in a statement.
“We were informed about a similar sale of data in May 2019. What they have here is likely the same dataset as before. It’s easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it.
“By doing that, it lends some credibility to the data and makes it easier for them to sell. We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money,” the spokesperson said.
Online intelligence firm Cyble in a blog on Tuesday said that its researchers have “identified a reputable seller, who is selling 47.5 Million Indians Truecaller records for $1000. The data is from 2019.”
“Looking at the information itself, it has over 47.5 million records, and it includes interesting information such as phone number, carrier, name, gender, city, email, Facebook ID and others,” said the blog post.
On Wednesday, Cyble updated the blog to say that the same hacker has dropped another 600 million records for sale.