SUMMARY
A database of 47.5 Mn Indian users is being sold for $1000
The database was discovered by cybersecurity platform Cyble
Truecaller has denied that the database belonged to the app
In yet again incident of data theft, an unidentified individual is selling personal data of 47.5 Mn Indians alleged to be users of caller ID app Truecaller on the dark web, according to cybersecurity research company Cyble. The seller has priced the data at $1000 (INR 77K).
In its preliminary analysis, Cyble noted that the personal details were even categorised by state, cities and telecom carriers as well. “The actor must have spent a reasonable amount of time in organising this,” Cyble said.
In this incident of personal data compromise, details of users such as phone number, name, gender, city, email ID, Facebook account and telco were made available to potential buyers. Cyble said such a database may have a massive impact on users in India through spam, phishing scams, identity theft, among other illegal cyber attacks.
Meanwhile, Truecaller has denied the breach. A company spokesperson said, “There has been no breach of our database and all our user information is secure. We take the privacy of our users and the integrity of our services extremely seriously and we are continuously monitoring for suspicious activities.”
Moreover, Truecaller added that the company got to know about a similar data sale in May last year. The spokesperson added that the dataset is very similar to the last one. “It’s easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell. We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money,” the spokesperson said.
Rising Cybersecurity Threats In Indian Market
According to the IT ministry, India witnessed 3.94 Lakh instances of cybersecurity incidents in 2019 alone. This data was reported to and tracked by the Indian Computer Emergency Response Team (CERT-In).
In the recent past, many Indian startups have faced the wrath of data thefts and breaches. For instance, an independent security researcher has discovered a database of 9.1 Mn Zoomcar users being sold on the dark web by an anonymous hacker.
Previously, personal data of users of startups such as Chqbook, Ixigo and Justdial have also found to be compromised. Inc42 had exclusively reported about a data breach which exposed data belonging to over 50K students studying in around 100 Indian schools which were clients of Gurugram-based online school management platform Skolaro.
