Truecaller data of 4.75 crore Indians leaked on dark web for sale

A Truecaller spokesperson denied any breach of its database and said it is a compiled database which is being sold by using the name of the company so that the data looks credible

The Computer Emergency Response Team received the alert on February 10 about the Chinese hacker, called RedEcho, having targeted as many as 10 power grid entities and two maritime ports. Representational image: iStock

A cyber criminal has put on sale records of 4.75 crore Indians claimed to be sourced from online directory Truecaller for about ₹75,000 in the dark web, according to online intelligence firm Cyble.

A Truecaller spokesperson denied any breach of its database and said it is a compiled database which is being sold by using the name of the company so that the data looks credible.

“Our researchers have identified a reputable seller, who is selling 47.5 million Indians Truecaller records for USD 1,000 (about ₹75,000). The data is from 2019. We were also taken off by surprise with such a low price point,” Cyble said in a blog.

The user information on sale includes names, phone numbers, gender, email address, city, mobile network, Facebook id and many more. “Cyble researchers are progressing with their analysis, but clearly, this leak may have a potential impact on broader users in India such as spams, scams, identity thefts etc. We will update this blog as we get more information,” Cyble said.

Advertisement

The Truecaller data is said to be from the year 2019 and the information available on the dark web has been categorised based on states, cities, and carriers, Cyble said in a blog post.

The firm has also published the leaked details on its blog.

When contacted, a Truecaller spokesperson said, “There has been no breach of our database and all our user information is secure. We take the privacy of our users and the integrity of our services extremely seriously and we are continuously monitoring for suspicious activities.”

The spokesperson said that the company has information about a similar sale of data in May 2019.

“What they have here is likely the same dataset as before. Its easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell. We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money,” the spokesperson said.

The personal data leaked by cyber criminals leads to various nefarious activities such as identity thefts, scams, and corporate espionage.

Last week, Cyble spotted personal data of 2.9 crore Indians being sold on the dark web which was sourced from job websites.

(With inputs from agencies)

CATCH US ON: