Popular caller identity app, TrueCaller has found itself on the receiving end after a cybersecurity analyst revealed that user data, including phone numbers, emails and addressed were on sale in the dark web, Economic Times reports.
The report indicates that data from Indian users, who make up around 70% of TrueCaller’s userbase is being sold for around $2,230 while that of global users is going for a whopping $27,883.
TrueCaller has denied that their database was breached, however, the company says that they found instances of data scrapping (unauthorised copying of data) by some of their users. What makes the issue even more alarming, TrueCaller recently introduced peer-to-peer money transfer to its Indian users which means that users’ financial data could also be at risk.
“It has been recently brought to our attention that some users have been abusing their accounts. In light of this event, we would like to strongly confirm at this stage that there has been no sensitive user information being accessed or extracted, especially our users financial or payment details,” said TrueCaller.
Cyber experts, on the other hand, claim that such a huge pool of data that is on sale on the dark web can only be accessed through a database breach, something that TrueCaller strongly denies. “We would like to reinforce that this was not an attack on our database, as data stored on our servers is highly secured. We take the privacy of our users and the integrity of our services, extremely seriously. As we investigate, we will continuously implement new protocols to prevent any future attempts,” added TrueCaller.
This is not the first time that the company has found itself on the receiving end of poor data protection accusations. In 2016, TrueCaller’s app was found to be leaking user data and even more recently, earlier this year, TrueCaller had to introduce a limit to the number of times a user can perform phone number searches on the platform after suspicions of data scrapping were revealed.