Yet another case of data breach has come to light, with the private information of Truecaller users reportedly available for sale on internet forums. This includes the email addresses, phone numbers and addresses of users worldwide.
A report in ET, attributing the information to an unnamed cybersecurity analyst who monitors such transactions, says that data of Indian users is being sold for about Rs 1.5 lakh (2000 Euros) on the dark web, while data of global users is being sold for around 25000 Euros.
What makes users of the popular smartphone app truly vulnerable is that it also offers payment services through the Unified Payment Interface (UPI). Moreover, it has a premium model where paying subscribers can search for an unlimited set of numbers on the platform.
Indian users comprise 60-70 per cent of Truecaller’s user base of about 140 million and are therefore more susceptible to their private information being leaked.
The Stockholm-based company has denied any breach of its database by hackers. It said, however, that it has come across instances of unauthorised copying of data by the users themselves. Truecaller assured in a statement that no sensitive user information was accessed or extracted, especially the users’ financial or payment details.
Detailing the measures being taken to deal with the issue, Truecaller said user accounts suspected of having abused access to its platform have already been marked and a daily limit has been fixed on the number of searches by any user.
However, cybersecurity experts point out that such a large slice of data can only float around on the dark web if the data has been seriously breached.
Frequent data breaches across various platforms have exposed the vulnerability of users to such risks. Facebook had come under severe attack for leaking the private information of its users on several different occasions.
August 2017 saw hackers obtain and sell email addresses and phone numbers of around 6 million Instagram users. In September 2018, Facebook security vulnerabilities allowed malicious parties to gather the personal information of almost 50 million users.