This is probably another one of the biggest hacks in the world. Truecaller, the world’s largest digital phone directory, is in the news again, and for all the wrong reasons this time. Syrian hackers illegitimately managed to bypass the security of Truecaller’s servers and get away with a contact database of at least 1 million users, including their Facebook, Twitter, LinkedIn and Gmail IDs.
Though the company is yet to respond to the embarrassing incident, a report claims that Syrian Electronic Army hackers cracked 3 Truecaller databases, including the main contact database sized 450 GB, according to ehacking News.
Truecaller is the world’s largest phone contact database system. It works by users agreeing to share their personal information, including phone number, social profiles etc., in exchange for access to Truecaller’s database. The application sits on the user’s smartphone and monitors every incoming and outgoing call. Whenever a person with Truecaller installed on their smartphone receives a call from an unknown number, Truecaller looks the number up in its database and displays the name and location of the unknown caller. The service is becoming popular among smartphone users: the Truecaller app is listed among the most popular apps on the Google Play Store, and the majority of smartphone users find the app useful to avoid unwelcome commotion.
At this point, it’s not clear whether the hackers got into only the database or also gained access to the phonebook data of users who have Truecaller installed on their smartphones. In that case, the damage could be much more severe than what is being projected now.
The official statement from Truecaller is still awaited.
Update: Truecaller has finally addressed the situation and is out with an official statement:
Truecaller experienced a cyberattack on our website that resulted in an unauthorized access to some data. We were able to shut it down moments after we discovered it. Our investigation into the matter indicates the attackers were able to access ‘tokens’, which were immediately reset. Metaphorically speaking, a ‘token’ is a unique lock for each user, but what the attackers did not acquire is the needed key, which has also been reset.
Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our users’ Facebook, Twitter, or any other social media passwords.
We are still investigating the extent of unauthorized access of our database. We have outlined steps to help us deal with the situation. These steps include more complex security measures and various other tools we want to keep within the company.
We feel it is crucial to publicize the attack because it is important that we keep true to the honesty and integrity of the Truecaller brand.
We want to thank our users for their patience, as we are still investigating and acquiring information.