User data, including names, phone numbers and email addresses of TrueCaller app users seem to be available for purchase. TrueCaller, the third-party caller identification platform claims it has not suffered any data breach. However, it has clearly not ruled out foul play by some of its premium members.
A large volume of data, apparently belonging to TrueCaller, one of the pioneers of caller identity verification through peer-sharing, is allegedly available for purchase. The data is reportedly available on a private internet forum. The forum, supposedly open to only a select few members on the Dark Web, has reportedly been advertising TrueCaller data, which supposedly includes names, phone numbers and email addresses of users.
Interestingly, the cybersecurity analyst, who monitors such transactions, claimed the data is comprehensive. The majority of users, who should be concerned about the same, are Indians. This is because Indian TrueCaller users make up about 60 to 70 percent of the platform’s entire user base.
The database of Indian users, however, is not reportedly fetching a handsome amount. Apparently, the forum is demanding Rs. 1.5 lakh (approximately $2,000). Needless to mention, this figure is quite low, especially after considering there are about 100 million Indian users of the 140 million global user base. Data of global users, however, carries a hefty premium, claimed the analysts. Apparently, the data of global users is priced as high as $25,000.
TrueCaller also offers payment services through the Unified Payments Interface (UPI) to its Indian users. The platform has categorically denied any data breach. Although the claims of data integrity and security can be believed, the platform has not ruled out foul play. TrueCaller has noted that it found instances of unauthorized copying of data. The practice, commonly known as “scrapping”, which involves collecting data through systematic and persistent searches. The searches can be conducted by an automated AI-driven algorithm that’s commonly known as a bot.
Incidentally, Truecaller also offers a premium model, wherein users can search for an unlimited set of numbers on the platform. It is quite likely that one or more such premium users might have scraped data from TrueCaller’s servers. Hinting at such a foul play, a representative for Truecaller issued a statement that said,
“It has been recently brought to our attention that some users have been abusing their accounts. In light of this event, we would like to strongly confirm at this stage that no sensitive user information has been accessed or extracted, especially our users’ financial or payment details. The team has been investigating the matter and has found that a very large percentage of the sample data does not match or is not Truecaller data.”