Truecaller Indian User Data Is Sold On The Dark Web And The Company Denies A Data Breach

Dhir Acharya - May 24, 2019

Truecaller users' personal data belonging to lakhs of its Indian users is for sale on the Internet, according to new information surfacing online.

Truecaller users' personal data belonging to lakhs of its Indian users is for sale on the Internet, according to new information surfacing online. The user data reportedly sold includes phone numbers, email addresses, and names. It was also noted by the information that the data Truecaller is selling not only covers users in India but also the others. And it appears that the only difference is the price, while Indian user data is on sale for Rs 1.5 lakh, data of the others is priced at as high as Rs 19.5 lakh.

Truecaller-users-personal-data-in-for-sale-online-1 — Truecaller users' personal data in for sale online

The Economic Times reported that a cybersecurity analyst initially spotted the sale of this user data while keeping track of such transactions on the dark web. In case you are not familiar with the dark web, this is a section of the internet which casual users can’t directly access to. Truecaller responded to the initial report that there was no data leak or breach. On the other hand, it added that some of its users were found to be misusing the platform for malicious purposes. In particular, some users were scraping and copying personal data of other users using the app (note: Truecaller lets users search for unlimited numbers).

In addition, Truecaller representative noted in the report that the company has been aware of some users abusing their accounts. Meanwhile, it confirmed that sensitive user info hasn't been accessed or extracted, especially regarding payment and financial details.

The-report-said-it-must-be-a-data-breach-to-scrape-that-much-data-2 — The report said it must be a data breach to scrape that much data

Furthermore, the company said that it has been conducting an investigation into the matter, which has led to the discovery of a large amount of data not matching or belonging to Truecaller. It was also noted in the report that random numbers that are used for searching the database led to results identical to what the security analyst provided.

Plus, according to the company, after the investigation into the misuse of the platform’s feature, it now restricts how many mobile number an account is allowed to search per day. Truecaller said: