Users of Truecaller, an app to identify unknown callers that also red-flags spammers, may have their personal data compromised as details of over four crore Indian users are now available for sale at just $1,000 on the dark web, as per a U.S.-based cyber intelligence firm.
A quick study of the leaked data reveals that the details belong to citizens from all over the country, including from States like Maharashtra, Bihar, Andhra Pradesh, Delhi, Haryana, Madhya Pradesh, North East India, Odisha and Punjab, along with another folder titled ‘Unknown’. The details include phone numbers, names, genders, locations, emails ids and Facebook profile information.
Indian central and State cybercrime agencies have initiated investigations into the matter, taking into account the scope for the number of crimes that can be committed, including phishing rackets and identity thefts.
The data leak has been detected by Cyble Inc, a firm founded by global cybersecurity expert Beenu Arora that had unraveled two other leaks earlier this month on the dark web, both affecting Indians.
‘Surprisingly low price’
According to Mr. Arora, Cyble researchers have identified a known player on the dark web offering details of a whopping 4.75 crore Indians for sale. Even more surprisingly, the entire packet, which would be regarded as a goldmine in terms of the sheer number of ways it can be misused, is being offered for a surprisingly low $1,000.
“Cyble has indexed this information on AmiBreached.com – Cyble’s data breach monitoring and notification platform. People who are concerned about their exposure can register on the website to ascertain their exposure,” the firm said in a note.
The threat actor behind the data leak has been identified as someone who goes by the name TooGod on the dark web. “The low price suggests that the threat actor has some interest in gaining attention or expanding his customer base,” Mr. Arora said.