Truecaller has however denied the data breach.
Truecaller data of 4.75 crore Indian users have been put on sale on the dark web for around ₹75,000, online intelligence firm Cyble reported. Truecaller however denied the report saying that there’s no breach on its database.
The Truecaller data is from 2019 and the information available on the dark web has been categorised based on states, cities and carriers, Cyble said in a blog post. User information available includes phone number, carrier, name, gender, email address, Facebook ID and more.
Cyble has also published the leaked details on its blog post. The security firm also suggested that this information trove will lead to scams, spams, and identity thefts.
Truecaller on the other hand refutes the report and says that there’s no data breach as claimed by Cyble.
“Thank you for bringing this to our attention. There has been no breach of our database and all our user information is secure. We take the privacy of our users and the integrity of our services extremely seriously and we are continuously monitoring for suspicious activities. We were informed about a similar sale of data in May 2019. What they have here is likely the same dataset as before. It’s easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell. We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money,” a Truecaller spokesperson said in a statement.
Truecaller also pointed out that it does not upload a user’s phone book which is a common misconception. Its database is however populated daily by users themselves who mark numbers as spam, correct names and contribute names as well. Cyble is yet to respond to this statement.