Truecaller Hacked, 450 GB of Data Stolen

Truecaller, the global phone directory application, recently had its servers hacked by the Syrian Electronic Army, a hacker group. The group apparently gained access to 7 databases belonging to Truecaller, including one that contained over 450 GB of data. This puts the data of over a million users at risk.

Truecaller allows users to look up the name of any individual by a simple phone number search. It does this by crowdsourcing contact information from existing users and updating its database. Aside from its website, Truecaller is also available on iOS, BlackBerry, Symbian, Windows Phone, and Android. The service reached 20 million users this year.

The Syrian Electronic Army announced the hacking operation via a tweet, and then followed it up with another tweet containing the database host address, database name, username, and password of users in plain text.

The SEA claimed to have hacked 7 Truecaller databases, exposing the access codes of more than a million user accounts on Facebook, Twitter, LinkedIn, and Gmail. These access codes can allow the hackers to post updates from a victim’s account. According to the SEA, the hack was possible because the Truecaller website was running an outdated and obsolete WordPress platform, which gave them easy access to the admin panel.

According to the SEA, the downloaded databases are the following:

truecaller_ugc (459GB), truecaller (100GB), truecaller_profiles (4GB), truecaller_api (123KB), truecaller_PushMe (2.2KB), tc_admin (7MB), tc_www (70MB).

Truecaller’s parent company, True Software Scandinavia AB, has issued a press release addressing the issue:

“Truecaller experienced a cyberattack on our website that resulted in unauthorized access to some data. We were able to shut it down moments after we discovered it. Our investigation into the matter indicates the attackers were able to access ‘tokens’, which were immediately reset. Metaphorically speaking, a ‘token’ is a unique lock for each user, but what the attackers did not acquire is the needed key, which has also been reset.

Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our users’ Facebook, Twitter, or any other social media passwords.

We are still investigating the extent of unauthorized access of our database. We have outlined steps to help us deal with the situation. These steps include more complex security measures and various other tools we want to keep within the company.

We feel it is crucial to publicize the attack because it is important that we keep true to the honesty and integrity of the Truecaller brand.

We want to thank our users for their patience, as we are still investigating and acquiring information.”

The company has acknowledged the hack but denied reports that the Syrian Electronic Army obtained user access codes.