Caller identification app Truecaller has denied data breach of its systems. Database consisting of personal details of 4.75 crore Indians had recently appeared on the dark web to be sold for $1,000. The data leak, found by American cyber intelligence firm Cyble Inc, contained details, including the user’s name, gender, age, city, telecom service provider, Facebook account, email id and mobile number.
According to Truecaller, there has been no breach of the company’s database and all user information was secure. ‘We were informed about a similar sale of data in May 2019. What they have here is likely the same dataset as before,’ a company spokesperson said in a statement.
‘It’s easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell,’ the spokesperson added.
The information from the leaked database has been indexed on AmIBreached.com, a breach monitoring website that Cyble manages for users to find whether their personal data has been part of any data leaks. While it is unclear who leaked the data on the dark web, the person goes by the user handle TooGod. While Truecaller claims that there has been no breach of its system, the leak could still be a problem for the company. The nature of the service allows users to search for numbers of others who use the app, and a ‘bad actor’ can use this to create a database of their own too. Many users have been opposed to this idea and see it as a breach of their privacy.