https://www.thehindubusinessline.com/info-tech/jqbkj9/article25772351.ece/alternates/LANDSCAPE_730/truecallerjpg
Truecaller logo   -  Twitter/Truecaller

Data of 4 crore Indian users of Truecaller up for sale on dark web: Report

by

Cybercriminals have leaked personal data of over four crore Indian users of the Truecaller app on the dark web, according to recent reports.

The leak has been detected by cybersecurity researchers at Cyble Inc., a firm founded by global cybersecurity expert Beenu Arora. Cyble had also reported two major data leaks on the dark web affecting Indian users earlier this month.

“Our researchers have identified a reputable seller, who is selling 47.5 Million Indians Truecaller records for $1000. The data is from 2019,” the Cyble report read.

The data is being sold by the carrier at a relatively low price point according to the firm.

“We were also taken off by surprise with such a low price point (in our opinion),” the report further read.

The security firm had analyzed the data for validating the authenticity of the same. According to their preliminary analysis, the information had been organized by state, cities and carrier.

The samples shared by the report showed data from users belonging to the various Indian states including Maharashtra, Bihar, Andhra Pradesh, Delhi, Haryana, Madhya Pradesh, North East India, Odisha and Punjab. The report also showed sample records from major cities such as Delhi and Mumbai.

Over 47.5 million records have a range of personal records such as Phone Number, Carrier, Name, Gender, City, Email, Facebook ID, etc.

According to the firm, this data leak can have major repercussions for users such as spams, scams, identity thefts etc. Indian central and State cybercrime agencies are looking into the matter considering the impact that the leak could have, the Hindu reported.

“Cyble has indexed this information on AmiBreached.com – Cyble’s data breach monitoring and notification platform. People who are concerned about their exposure can register on the website to ascertain their exposure,” the firm said.

Cyble also issued an update to the report on Wednesday stating that the same actor had leaked more records on the dark web. “The same actor has dropped another 600 Mn records for sale,” the firm said.

 

"There has been no breach of our database and all our user information is secure. We take the privacy of our users and the integrity of our services extremely seriously and we are continuously monitoring for suspicious activities,” said a Truecaller spokesperson.
“We were informed about a similar sale of data in May 2019. What they have here is likely the same dataset as before. It's easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell. We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money,” they further said.