TrueCaller has confirmed that their website was being hacked. However, it claims that TrueCaller does not store passwords, credit card information, or any other sensitive information. It has denied has that attackers were able to access TrueCaller user’s Facebook, Twitter, or any other social media passwords.
Sweden-based global phone directory service TrueCaller‘s database has been hacked by Syrian Electronic Army hackers compromising on millions of phone book records available in their database, reports thehackernews. Medianama is not in a position to verify this claim. We have contacted Truecaller for a confirmation and would update the article once we receive a response.
This was first reported by ehackingnews.
According to the report, Truecaller’s website was based on an outdated version of blogging software WordPress V3.5.1. It saved phonebook records uploaded by Truecaller users to this database. Hackers seemed to have downloaded more than 7 databases of 450GB in size from Truecaller servers. At the time of writing this article it’s not clear whether the entire database has been stolen or only partial. The database also apparently contains access codes to user’s Facebook, Twitter, Gmail, and LinkedIn accounts, allowing hackers to submit an update from Truecaller users account who have connected these networks to their account, as per the report. We advise users to immediately remove Truecaller from giving access to Truecaller service.
Besides stealing the database, the hackers also posted admin login credentials to Truecaller’s database on Twitter. At the time of writing this article the database was not accessible, however, we can’t rule out the possibility of database reaching in wrong hands.
Read
