What a week this has been! So much controversy over Truecaller data being sold on Dark Web while the company denies the responsibility. However, Truecaller’s unwillingness to acknowledge the responsibility for its users’ private data being sold to third parties isn’t new.
Truecaller data breach reported
According to an online intelligence firm Cyble, Truecaller data of 4.75 crore Indians are at risk. The database that comprises numbers, names, gender, email addresses, job titles, physical addresses, Facebook IDs, among other things is reportedly up for grabs for Rs 75,000.
Cyble researchers argue that the credibility of the seller is undisputed:
“While Truecaller has denied this leak entirely, however, to-date we haven’t been requested for a sample from their team yet – we are also surprised by how they arrived at a conclusion considering: They haven’t performed any validation that the data we have is the same from 2019.”
Last year, a similar Trucaller data breach was reported, which rendered a similar response from the company, something along the lines of ‘we are not the source of the breach…we are not under attack…we are safe to use’ etc.
Well, Truecaller, your platform may be safe as you claim but your users’ privacy is clearly not. There’s enough evidence to support the statement that Truecaller user data worth crores of rupees is being sold on third-party sites, and unfortunately, there’s nothing anyone can do about it.
Truecaller’s tendency to deny the responsibilities of such incidents may be justified once or twice but not always. Going by the company’s statement from last year, the data leak may have caused due to some users abusing their accounts to an extent where Truecaller was not in control of the outcome. And the reason why we are referencing Truecaller’s response from last year is that the company hasn’t issued a security advisory in the wake of fresh reports this time around.
Truecaller customer support chose to individually ‘assure’ users that their information is secure and the breach was an attempt to malign its brand name:
“We assure you that there has been no breach. All user information is secure. We take user privacy and the integrity of our services extremely seriously. This is a misuse of our brand name to sell data and we will take action against them. Truecaller is safe to use.”
We have reached out to Truecaller for its official statement and we’ll update the story once we have one.
UPDATE: Truecaller breach can’t be verified, says a security researcher.