The number of data breaches of social media platforms is making a lot of noise in the industry today. Hackers have now started to compromise other platforms too and Truecaller is the latest victim. However, it is not the first time that Truecaller is grabbing a not-so-good headline, in 2016, BBC listed Truecaller as one of those platforms that are not safe as it would ask users to upload their phone’s contact lists when they install them.

This implies that the platform would have a huge database of numbers. That is not all, it also stated that according to Factwire, an investigative news organisation, searches could be conducted on the app provider’s official website without even installing the software. To the surprise, the organisation found numbers of leading Hong Kong lawmakers stored in the systems.

Prior to 2016, in 2013  Truecaller was in the news after it admitted that it had fallen victim to a cyber-attack and suffered a data breach. However, it stayed to its point that no sensitive information had been exposed. These are not the only instances, the contact details collecting app again came under the interrogation light in 2017 in India when the Jio suffered a data leak.

The major question here is — even after witnessing so much, why people are still willing to install apps like Truecaller and hand over their contact details like they are throwing away some garbage? 

Security and privacy should be one of the topmost priorities for everyone. And if you are still using Truecaller, this recent would definitely strike your thoughts and make you think one more time before continuing with this contact details collecting app.

Data Breach Spree Continues

Have you been using Truecaller for a quite some time now? If yes, then take some time off and read this.

Recently, Truecaller revealed that it has crossed the 100 million mark when it comes to daily active users in the market in India. Furthermore, the company also said that the growth came after it includes a number of other features including UPI-powered digital payments, chat features, flash messages, video calling, and SMS. Many Truecaller users might find it something really exciting, however, the excitement didn’t last for a long time as the app made headlines to shock the entire world.

According to a cybersecurity analyst who reported ET, data of Indian users, which is almost 100 million, is being sold for about Rs 1.5 lakh (2000 Euros) on the dark web, while data of global users are priced as high as 25000 Euros. That is not all, some sample datasets were also found that are currently on sale. The datasets contain sensitive information such as numbers, mobile service provider, state of residence, etc.

Even though, Truecaller have done its part of the investigation and didn’t find any traces of a breach; the company is completely denying that there is a data breach that has occurred. “We have analysed the data made available to us, a large percentage of the data provided does not match ours. There has absolutely not been any data breach in the process. We do not sell any kind of user data,” said Alan Mamedi, Co-founder of Truecaller, in an interview with ET Now.

However, it seems a bit hard to believe as it’s most of the time unlikely that such a huge amount of data is out on the DarkWeb without any breach happening. 

“The database also included user’s state of residence and mobile company. Also, state and mobile company name for any mobile number is public and available on Wikipedia,” said Rajshekhar Rajaharia, a Security Researcher.

Here is brief  info by Rajshekhar on the entire event:

• 29,90,55,819 Indian Mobile Numbers Leaked
• 1,92,06,906 Email Ids available
• 1,78,85,795 Subscribers Photos
• 20 Million Facebook Ids listed
• Thousands Celebrity, CEO, and Politicians’ Mobile Number Listed
• Dump files were created on Feb 2019
• Number, Carrier, Name, Gender, Image, Address, JobTitle, CompanyName, Email, Website, Facebook, Twitter, Tags, Badges, Score, SpamCount

What should an individual do at this point of time, where his data is out in the dark market on sale and the company is saying there is nothing wrong from their end? Is Truecaller still in denial? Or it is a hack that is far more complicated than Truecaller expects? Whatever, it is, users are the ones who are going to suffer.

Bottom Line

Data breaches will keep happening because technology is not just empowering companies but also helping hackers to come up with some of the most sophisticated ways to compromise. So what to do? Before using any application, always do a check whether it has a history of getting hacked. Also, make sure you why need this app, because you don’t want to keep an application that is not much of your use but putting your data at risk.  Truecaller has been under the interrogation light since quite some time and now with this recent headline, it is obvious that there something suspicious that people are not aware of.