Another day, another data breach. This time your favourite calls identity app – Truecaller – is facing data breaching allegation. Data of Truecaller users, which includes names, phone numbers and email addresses of users worldwide, is available for sale on the dark web, according to a cybersecurity analyst.
The Economics Times, who reported first, said that Indians account for 60-70 percent of Truecaller's entire userbase (140 million users) and their data is being sold for about €2,000 (approx. Rs 1,55,000), while the data of global users are priced as high as €25,000 (approx. Rs 20,00,000) on dark web.
The Stockholm-based company that also provides payment service in India through UPI (Unified Payment Interface) denied any data leakage. However, Truecaller said it has found instances of unauthorized copying of data by its own users.
"We would like to strongly confirm at this stage that there has been no sensitive user information being accessed or extracted, especially our users financial or payment details," the spokesperson of Truecaller said to the publication.
Citing the report, the sample dataset, which was on sale, includes personal identifiers as well as the state of residence and users' mobile service providers. The manual search of these data on the Truecaller app results in the same information as on dataset.
"The team has been investigating the matter and has found a very large percentage of the sample data does not match or is not Truecaller data," the Swedish company said.
However, cyber experts point out that such a large chunk of data could only be accessed by breaching the database of Truecaller. "It is not only this data, but there is also data available from multiple financial institutions. Organisations should take precautions, monitor the dark web and protect customer data," said J Prasanna of Cyber Security & Privacy Foundation, a Singapore-based company.
Prior, Truecaller had to fix a vulnerability in its app after researchers found that user data was inadvertently leaked in 2016.
Frequent cases of a data breach across various platforms have dreaded users about apps. Recently, Facebook, WhatsApp, Instagram, and various e-commerce and service websites have faced data leakage allegations. With such cases, famous websites and apps are losing their credibility, and they would have to do something to secure users' data.