Popular caller ID app Truecaller has reportedly been subject to a data breach involving the personal data of 47.5 million Indians. Cybersecurity firm Cyble points out that malicious actors are selling the data in question via dark web at a throwaway price of $1000.
According to Cyble, the data is from 2019. The records are classified based on various factors such as state, cities, and the network operator. In addition, the leaked data involves the user’s name, contact number, name, gender, city, e-mail address, Facebook ID, and Twitter handle.
As noted by the firm, the leak exposes data including but not limited to Truecaller users from Andhra Pradesh, Bihar, Delhi, Haryana, Madhya Pradesh, Maharashtra, North-East India, Orissa, and Punjab.
“Cyble researchers are progressing with their analysis, but clearly, this leak may have a potential impact on broader users in India such as spams, scams, identity thefts etc.”, said the firm in a blog post.
Truecaller, however, has denied the breach. “It’s easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell,” said a Truecaller spokesperson.
The company mentions that they were informed about a similar data sale in May last year and claims this could be the same dataset. As mentioned above, this dataset also happens to be from 2019 but it remains unclear if both datasets are the same.
“We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money,” the spokesperson added.