“Our researchers have identified a reputable seller, who is selling 47.5 million Indians Truecaller records for USD 1,000 (about Rs 75,000). The data is from 2019. We were also taken off by surprise with such a low price point,” Cyble said in a blog.
The data on sale includes phone numbers, gender, city, mobile network, Facebook id etc.
“Cyble researchers are progressing with their analysis, but clearly, this leak may have a potential impact on broader users in India such as spams, scams, identity thefts etc. We will update this blog as we get more information,” Cyble said.
When contacted, a Truecaller spokesperson said, “There has been no breach of our database and all our user information is secure. We take the privacy of our users and the integrity of our services extremely seriously and we are continuously monitoring for suspicious activities.”
The spokesperson said that the company has information about a similar sale of data in May 2019.
“What they have here is likely the same dataset as before. It’s easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell. We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money,” the spokesperson said.
The personal data leaked by cyber criminals leads to various nefarious activities such as identity thefts, scams, and corporate espionage.
Last week, Cyble spotted personal data of 2.9 crore Indians being sold on the dark web which was sourced from job websites.