#TrueCallerLeak: Data available on dark web at Rs. 1.5 lakh
What's the story
In another case of lackluster security, personal information of several TrueCaller users has been spotted on sale.
The data was discovered on the dark web by a cybersecurity analyst who later informed the Economic Times.
However, weirdly enough, the Sweden-based caller-identity company has denied that its database has been breached by anyone.
Here's more on the matter.
Issue
Contact information of TrueCaller users on dark web
The analyst, who has not been named in the report, claimed that TrueCaller users' data has been selling on the dark web marketplaces.
The data containing the detailed user information, like their names, contact numbers, emails, even locations (state of residence) in some cases, is being sold in batches.
Now, this kind of information gives easy access to fraudsters and scammers.
Value
Indian users' data is available at Rs. 1.5 lakh
The database discovered on the dark web had a particular batch for Indian users, who make up more than half of TrueCaller's global user-base of 250 million.
This 'India-specific' database, the analyst said, was selling at a little over Rs. 1.5 lakh.
Notably, the information in the batch matched with legit TrueCaller users, but it's not clear how many entries it had in total.
Information
Global database selling at Rs. 20 lakh
While the TrueCaller's India specific database was selling at Rs. 1.5 lakh, the global batch is available at a whopping 25,000 euros, which translates to Rs. 20 lakh in the Indian currency.
Attack
Was TrueCaller attacked by a third party?
While cyber experts say such a huge chunk of information can only be extracted through a data breach, TrueCaller denies that.
The company says some users have abused their premium access accounts - which allows for unlimited searching - to look up numbers and scrape user details.
It also emphasizes that a large portion of this data doesn't match or is TrueCaller data.
Quote
Here's what TrueCaller's spokesperson said
"Since the platform has strict limits to prevent misuse of the application and website, these malicious users have been trying to search for numbers using their own account over a wide period of time to avoid getting blocked or flagged by our systems."
Security
Improved security measures promised
The issue has raised alarms among cybersecurity experts and users of TrueCaller, but the company stands by its original statement.
"This was not an attack on our database, as data stored on our servers is highly secured," the TrueCaller spokesperson added, noting that they "will continuously implement new protocols to prevent any future attempts."