Truecaller, a caller ID company with access to email IDs and mobile numbers of millions of users, has been hit with fresh allegations of letting its data sell on the dark web. The data is available to any person willing to pay up to Rs 1.5 lakh for data of Indian users, while the amount goes up to a staggering 25,000 euros (Rs 19.4 lakh) for users from other countries.
These allegations were revealed in an ET report on Wednesday, bringing to light another data breach to hit users across the world.
Truecaller, in its defence, has claimed that the data observed during its own investigation, was not picked up from any breach of its database, and all the payment-related information of its users is safe in their custody.
There’s a lot of contradiction between the details mentioned in the report and what Truecaller has found in its investigation. The data set mentioned in the report contained personal information of Truecaller users, which was confirmed by searching through the app.
Having said that, Truecaller believes the data made available on the dark web is not theirs. Now, who does one believe in such a situation?
Truecaller is said to have over 140 millions users on its platform, with 60 to 70 percent of those residing in India.
The fact that Truecaller deals in multiple businesses; caller ID, SMS service and mobile payment among others, puts millions of users, from India itself in danger.
It really doesn’t matter if the data was hacked from the companies database, because the data is already listed for sale on the dark web, according to the report, and that itself should get everyone concerned.
Denial has been the go-to strategy for most data-centric entities across the globe, and Truecaller seems to be following that path, for its own reasons.
Truecaller mentions that some user has been abusing his/her account, to collect phone numbers and thereby getting all the personal information of users on its ecosystem. It has also said that any third-party company found violating data privacy norms will also be prosecuted for its wrongdoings.
The majority of the data that we analysed did not match our systems. We believe that it is possible that some malicious users have been abusing their Truecaller account in contravention of our Terms of Service to collect phone numbers.Truecaller statement
The Finland-based company has localised its business for the Indian market, and it also bought payment startup Chillr to store its user data within the country.
The Dark Web has become a go-to platform to sell hordes of data to people willing to pay a high price for it. Truecaller is the latest to fall into this trap, but definitely not likely to be the last to become prey of the dark web.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)