A day after data of 4.75 crore Indian Truecaller users was found to have been offered up for sale on the dark web , Truecaller on Wednesday stated that the data seemed to be from a set leaked in May 2019. Researchers from Cyble Inc, the U.S.-based cyber intelligence firm that found the leak, confirmed the same.
Also read: Cyber security agencies suspect massive data breach in the last few days
Meanwhile, the same threat actor also put up a whopping 600 million other data sets for sale on Wednesday.
The Truecaller data, which is of users from all over the country and is classified into folders, was being offered for a mere $1000 (about ₹76,000).
A spokesperson from the company said on Wednesday, “There has been no breach of our database and all our user information is secure. We take the privacy of our users and the integrity of our services extremely seriously and we are continuously monitoring for suspicious activities.
“We were informed about a similar sale of data in May 2019. What they have here is likely the same dataset as before. It’s easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell. We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money.”
Cyble founder Beenu Arora said that it was confirmed that the data was a subset of the 2019 leak.
The 600 million other data sets posted for sale belongs to Chinese and Taiwanese companies as well as individuals.
The data has been put up by TooGod, the same entity responsible for the Truecaller data posting.
“The Truecaller leak, in contrast, is minor in nature considering that the actor has now leaked over 600 million records, including from China, Taiwan etc. TooGod is not the biggest worry from my perspective, as the actor is just another wholesaler in the dark web market. There are other active groups, who are continually targeting large organisations as well as growing start-ups,” Mr. Arora said.
He added that the average user is advised to stay alert to suspicious text messages, phone calls and emails, regularly monitor banking transactions for any potential anomalies or suspicious activities, use complex passwords and multi-factor authentication where possible and opt for data breach monitoring and notification services that tell users if their information is exposed.