Truecaller database hacked into, millions of phone records stolen
The Syrian Electronic Army claims it has managed to get access into the databases of the largest "telephone directory" in the world.
Update: Truecaller has issued an official statement on the incident. For full text, scroll down.
New Delhi: Truecaller, the collaborative global phone directory has been hacked into by the Syrian Electronic Army. The hacker group claimed on its Twitter accounts and its website, that it has managed to get access into the databases of the largest "telephone directory" in the world.
"The Syrian Electronic Army hacked the Truecaller (The global phone directory) website and database. The databases content a hundred of millions of phone numbers and its owners in addition of millions of Facebook/Twitter/Linkedin/Gmail accounts," says a statement on the hacking groups website.
Syrian Electronic Army, which has been involved in a number of much discussed hacking incidents in the past, have also posted screenshots of the website's WordPress dashboard and database and also tweeted the database access credentials. According to the hackers about 560 GB of data was downloaded from Truecaller servers and "much of the information that were stored the in the databases has been delivered to the Syrian government."
Truecaller is a very popular app and is used to identify the names associated with phone numbers. The Truecaller app is available for Android, iPhone, Windows Phone, Blackberry and Nokia Symbian operating systems. According to the counter on the Truecaller website, the service is close to reaching a billion phone numbers.
We are currently unable to independently verify the authenticity of the incident are awaiting Truecaller's response to the reported incident. Truecaller hasn't posted any update on any of its social profiles at the time of posting.
Truecaller has posted an official statement on the incident. Full text follows:
"Truecaller experienced a cyberattack on our website that resulted in an unauthorized access to some data. We were able to shut it down moments after we discovered it. Our investigation into the matter indicates the attackers were able to access 'tokens', which was immediately reset. Metaphorically speaking, a 'token' is a unique lock for each user, but what the attackers did not acquire is the needed key, which has also been reset.
Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our user's Facebook, Twitter, or any other social media passwords.
We are still investigating the extent of unauthorized access of our database. We have outlined steps to help us deal with the situation. These steps include more complex security measures and various other tools we want to keep within the company.
We feel it is crucial to publicise the attack because it is important that we keep true to the honesty and integrity of the Truecaller brand.
We want to thank our users for their patience, as we are still investigating and acquiring information."