If you have an account on the Truecaller app, your profile details and data might be available for sale on private internet forums, a cyber security analyst who monitors such transactions told the Economic Times.
The data includes email, phone number and addresses of the users worldwide.
Data of Indian users, who make up 60-70% of Truecaller’s user base of about 140 million, is being sold for about 2,000 euros, or roughly Rs 1.5 lakh, while data of global users is priced at 25,000 euros, which amounts to a whopping Rs 20 lakh, according to the report.
The report says this data is available on the so-called dark web. Though the term ‘dark web’ is difficult to define, it is basically that part of the World Wide Web that requires special software to access and is not visible on search engines.
The particular data breach case is all the more sensitive since Truecaller also offers payment services through the Unified Payment Interface (UPI) to Indian users. So any vulnerability in the app may expose financial data of millions of users.
Meanwhile, Truecaller has denied any breach of its database by hackers, the report said.
However, the company had said it found instances of unauthorized copying of data by its own users. Truecaller offers a premium model where paying subscribers can search for an unlimited set of numbers on the platform.
“It has been recently brought to our attention that some users have been abusing their accounts,” a representative for Truecaller was quoted in the report. “In light of this event, we would like to strongly confirm at this stage that there has been no sensitive user information being accessed or extracted, especially our users’ financial or payment details.”
Truecaller had earlier this year also said that it was investigating into user accounts suspected of having abused access to its platform. It has already set daily limits on the number of searches by any one particular user account. “We would like to reinforce that this was not an attack on our database, as data stored on our servers is highly secured. We take the privacy of our users and the integrity of our services, extremely seriously. As we investigate, we will continuously implement new protocols to prevent any future attempts” Truecaller said.