The Truecaller global phone directory, a service which finds contact details for a given name or telephone number via crowd-sourcing, has had its main database hacked according to a report by BGR. The hackers have reportedly had access to some 450GB of data, most of it not really intended for public usage.
The hack was pulled off my the Syrian Electronic Army, who claim to have the data of over a million users, including Facebook, Twitter, LinkedIn and Gmail accounts. Truecaller has since released a statement refuting that any sensitive data has been compromised.
The statement goes as follows:
Truecaller experienced a cyberattack on our website that resulted in an unauthorized access to some data. We were able to shut it down moments after we discovered it. Our investigation into the matter indicates the attackers were able to access ‘tokens’, which was immediately reset. Metaphorically speaking, a ‘token’ is a unique lock for each user, but what the attackers did not acquire is the needed key, which has also been reset.
Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our user’s Facebook, Twitter, or any other social media passwords.
We are still investigating the extent of unauthorized access of our database. We have outlined steps to help us deal with the situation. These steps include more complex security measures and various other tools we want to keep within the company.
We feel it is crucial to publicize the attack because it is important that we keep true to the honesty and integrity of the Truecaller brand.
We want to thank our users for their patience, as we are still investigating and acquiring information.
Truecaller lets service users see who’s calling them by displaying a name for any number that’s in their database and not in their phonebook. It populates its database by having new users agree to share their phonebook with the service. It’s unclear to what extent this information was made accessible to the hackers, although according to the above statement, it’s virtually none.
We’ll have more on this story as it develops.
Thanks, Swapnil, for the tip!