Friday, 19 July 2013

TrueCaller gets hacked, information of Millions at risk

The servers of Truecaller, a service that claims to be the world’s largest collaborative phone directory, appear to have been hacked by attackers representing the Syrian Electronic Army (SEA). The hackers managed to get away with seven databases, including the main database, which represents 450GB of data, Ehacking News reports.

The hacking group announced this in a post on Twitter, along with an image that showed details of some users of the app. The Syrian Electronic Army broke the news via a tweet saying, "Sorry @TrueCaller, we needed your database, thank you for it." The hackers openly released TrueCaller's database host ID, username and password via another tweet.

The hackers claim to have data of over a million users with their Facebook, Twitter, LinkedIn and Gmail accounts. The extent of data theft is unknown at the moment. Reports say that the TrueCaller website went down for a while but is now back online.

In June this year, TrueCaller announced that its user base had touched the 20-million mark, representing growth of 100% in a period of five months. It said that it had 1 million users in India in March.

If the latest claim made by the SEA is to be believed, users from countries such as China, Turkey and Hong Kong are among those hit by the ‘hack-attack’. The group posted a screenshot on its Twitter account showing contact details of users from these countries, 15 hours after the first post related to the Truecaller attack was made.

Truecaller works by having users agree to share their phonebook with the service, which lets Truecaller display the name of a caller who is not saved in the recipient’s phonebook. It is unclear whether the phonebook database containing names, numbers and other contact details of non-users was accessible to the hackers.

Truecaller acknowledges getting hacked, refutes storing social network credentials

Truecaller has issued a statement regarding hacking claims from the Syrian Electronic Army earlier this morning. The company acknowledged a cyberattack on its website but refuted claims that it stored account details for its users’ social networks, which the hackers could use to gain control of those accounts.

“Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our user’s Facebook, Twitter, or any other social media passwords,” the company said in the statement. Truecaller is still working to find the extent of the damage. Here’s the complete statement:
Truecaller experienced a cyberattack on our website that resulted in an unauthorized access to some data. We were able to shut it down moments after we discovered it. Our investigation into the matter indicates the attackers were able to access ‘tokens’, which was immediately reset. Metaphorically speaking, a ‘token’ is a unique lock for each user, but what the attackers did not acquire is the needed key, which has also been reset. Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our user’s Facebook, Twitter, or any other social media passwords. We are still investigating the extent of unauthorized access of our database. We have outlined steps to help us deal with the situation. These steps include more complex security measures and various other tools we want to keep within the company. We feel it is crucial to publicize the attack because it is important that we keep true to the honesty and integrity of the Truecaller brand. We want to thank our users for their patience, as we are still investigating and acquiring information.


