Global phone directory app TrueCaller has been hacked into by Syrian Electronic Army (SEA). The mobile application allows cellphone users to trace callers’ ID and location in exchange for allowing the app access to their phone directories. The hacker group claimed on its Twitter accounts and its website, that it has managed to get access into the databases of the largest “telephone directory” in the world. The news was first reported by TheHackerNews.
Earlier in June this year, TrueCaller announced that its user base has touched the 20-million mark, representing growth of 100% in a period of five months. It said that it has 1 million users in India in March, as per an ET report. The hackers claimed to have get away with 7 databases including the main database which is 450GB in size. The Syrian Electronic Army group claimed that the outdated WordPress allowed them to gain access to the admin panel. Founded in 2009, Truecaller is available on the Web and as an app for the iPhone, Android, Blackberry, Symbian (Series 40/ Series 60), and Windows Phone.
Today, Truecaller has issued an official statement confirming the hack. The Sweden based company has mentioned in the statement that hackers have not gained access to users’ Facebook, Twitter, or any other social media passwords. Here is the complete statement:
“Truecaller experienced a cyberattack on our website that resulted in an unauthorized access to some data. We were able to shut it down moments after we discovered it. Our investigation into the matter indicates the attackers were able to access ‘tokens’, which was immediately reset. Metaphorically speaking, a ‘token’ is a unique lock for each user, but what the attackers did not acquire is the needed key, which has also been reset.
Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our user’s Facebook, Twitter, or any other social media passwords. We are still investigating the extent of unauthorized access of our database. We have outlined steps to help us deal with the situation. These steps include more complex security measures and various other tools we want to keep within the company. We feel it is crucial to publicize the attack because it is important that we keep true to the honesty and integrity of the Truecaller brand. We want to thank our users for their patience, as we are still investigating and acquiring information.“