Truecaller updates immediately after accused of data breach

Aarogya Setu : Open for all
29 May 2020
“Hack-for-hire” – A novel threat
1 June 2020

Truecaller is smartphone application that has features such as caller-identification, call-blocking, flash-messaging and call-recording that operate through an internet connection. The service requires users to provide a standard cellular mobile number for registering with the service. It was originally developed by a Swedish company called True Software Scandinavia AB in 2009 for BlackBerry.

Cyble is a third-party cyber risk intelligence firm. In its recent twitter post, it revealed that data of about 47.5 million Indian users which was sold for as cheap as $1000 in the dark web. It is still unsure whether such a data breach might result as an interface to sensitive data of users. In their blog, they also published the leaked details.

One of Cyble’s researcher found that Amazon’s unprotected S3 buckets also contain data from major websites

A spokesperson from Truecaller issued a statement denying all allegations from Cyble. “Thank you for bringing this to our attention. There has been no breach of our database and all our user information is secure. We take the privacy of our users and the integrity of our services extremely seriously and we are continuously monitoring for suspicious activities. We were informed about a similar sale of data in May 2019. What they have here is likely the same dataset as before. It’s easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell. We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money.”

This said, Cyble seems to have a noteworthy record of reporting data breaches accurately. 

In fact, Cyble was the first to report that a 2.3GB zipped file was leaked on the dark web. It supposedly contained data of 29 million job seekers. This data is said to have leaked from a resume aggregator such as LinkedIn, Indeed or Naukri.

Another example would be that of Facebook and Sequoia funded platform Unacdemy  where data if approximately 22 million users was leaked and reported by Cyble.

With the increased dependency on the internet, massive threat is posed to millions of people whose data is readily available to hackers in a platter. As a consumer one can only beware and take reasonable measures to ensure their safety

– Ridha Dhawan

Member, Reporter’s Committee

Leave a Reply

Your email address will not be published. Required fields are marked *