Experts from the IICS cyber security training report a data breach at Truecaller, the popular service to avoid phone and SMS spam. The personal data of millions of service’s users, mostly residents of India, are exposed in hacker forums in dark web, an Internet sector where cybercriminals can put on sale illicit products and services.
According to multiple members of the cybersecurity community, the personal data of Truecaller users, including full names, email addresses, among others, have been detected in various hacking forums on dark web. The criminals offer the information of the users of Truecaller in India in exchange for about €2000; On the other hand, the information of the users at global level is offered in exchange for about €25k.
Experts from the IICS cyber security training who initially reported the incident also found evidence to confirm that hackers have been making unauthorized copies of the compromised information, in addition to the fact that, among the exposed data, it is possible to find information of residence and service provider of mobile telephony of the users.
To conclude, the experts stated that, during their long investigation, they found a considerable amount of similar information but that does not belong to Truecaller.
When questioned about the incident, Truecaller responded by denying that a data gap existed; “Our users’ data is completely protected and we do not have any evidence to suggest otherwise; the personal and financial information of our users has not been compromised at all”, mentions a statement from the company.
According to the cyber security training from the International Institute of Cyber Security (IICS), the company argues that the information was exposed by other sources and was not obtained from a direct attack on the Truecaller servers; However, the company is committed to revising its information security protocols and implementing measures that are necessary to prevent these kinds of incidents from occurring again.