Truecaller Indian User Data Is Sold On The Dark Web And The Company Denies A Data Breach

Truecaller users' personal data belonging to lakhs of its Indian users is for sale on the Internet, according to new information surfacing online. The user data reportedly sold includes phone numbers, email addresses, and names. It was also noted by the information that the data Truecaller is selling not only covers users in India but also the others. And it appears that the only difference is the price, while Indian user data is on sale for Rs 1.5 lakh, data of the others is priced at as high as Rs 19.5 lakh.

The Economic Times reported that a cybersecurity analyst initially spotted the sale of this user data while keeping track of such transactions on the dark web. In case you are not familiar with the dark web, this is a section of the internet which casual users can’t directly access to. Truecaller responded to the initial report that there was no data leak or breach. On the other hand, it added that some of its users were found to be misusing the platform for malicious purposes. In particular, some users were scraping and copying personal data of other users using the app (note: Truecaller lets users search for unlimited numbers).

In addition, Truecaller representative noted in the report that the company has been aware of some users abusing their accounts. Meanwhile, it confirmed that sensitive user info hasn't been accessed or extracted, especially regarding payment and financial details.

Furthermore, the company said that it has been conducting an investigation into the matter, which has led to the discovery of a large amount of data not matching or belonging to Truecaller. It was also noted in the report that random numbers that are used for searching the database led to results identical to what the security analyst provided.

Plus, according to the company, after the investigation into the misuse of the platform’s feature, it now restricts how many mobile number an account is allowed to search per day. Truecaller said:

Nevertheless, the report claimed that someone can only scrape this much data through a data breach.