Data from Truecaller, the Swedish caller identity app company, is reportedly being sold in private internet forums, including data on customer phone numbers and email addresses of users around the world.
According to a report in the Economic Times, a cybersecurity analyst who monitors these types of transactions told the paper that the data is being sold on the dark web for around Rs 1.5 lakh (2000 Euros.) Data on global users are going for as much as 25000 Euros. Truecaller has 140 million users around the globe.
“It has been recently brought to our attention that some users have been abusing their accounts,” a representative for Truecaller said in a statement to the news outlet. “In light of this event, we would like to strongly confirm at this stage that there has been no sensitive user information being accessed or extracted, especially our users financial or payment details.”
Despite the statement out of Truecaller, the news outlet said it reviewed a sample of the data that is being sold on the dark web and found it that had personal identifiers including the user’s address and the mobile service provider. “The team has been investigating the matter and has found a very large percentage of the sample data does not match or is not Truecaller data,” Truecaller said in response to that.
The report noted that earlier in 2019 the caller identity app said it started looking into users accounts that may have abused access to its platform. It had previously set daily limits on the number of searches one account could do.
Truecaller went on to say in its statement that its database wasn’t attacked and that the data on its servers is “highly secured.” Still, cyber experts told the news outlet it’s not likely that such a large amount of data wasn’t accessed via a data breach.