After an online intelligence firm Cyble flagged that a cybercriminal was selling Truecaller records of 4.75 crore Indians on the dark web for just about Rs 75,000, the Swedish caller identification app on Wednesday denied any breach of its database.
As per Cyble, the data on sale includes information like phone numbers, city, gender, Facebook ID, and even mobile network.
TrueCaller has denied any such breach. The company says that their users’ “databases are secured with bank-grade security. Bad actors have compiled data and branded it with our well-known name to lend credibility to it.”
“There has been no breach of our database and all our user information is secure. We take the privacy of our users and the integrity of our services extremely seriously and we are continuously monitoring for suspicious activities,” a Truecaller spokesperson said in a statement.
"We were informed about a similar sale of data in May 2019. What they have here is likely the same dataset as before. It's easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it.
Cyble in a blog on Tuesday said that its researchers have "identified a reputable seller, who is selling 47.5 Million Indians Truecaller records for $1000. The data is from 2019."
"Looking at the information itself, it has over 47.5 million records, and it includes interesting information such as phone number, carrier, name, gender, city, email, Facebook ID and others," said the blog post.
On Wednesday, Cyble updated the blog to say that the same hacker has dropped another 600 million records for sale.
Earlier, it had spotted that the personal data of almost 2.9 crore Indians were being sold on the dark web. This data was sourced from multiple job websites.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)