Hacker group says it acquired databases of global phone directory Truecaller

Share this article:

More than a million Truecaller accounts were compromised in a recent hack.

Swedish-based Truecaller, the company that says it maintains the largest global phone directory, has become the latest target of the Syrian Electronic Army after the hacker collective made the announcement via Twitter less than 24 hours ago.

In exclusive comments to cyber security news site E Hacking News, members of the group said they acquired more than seven databases from Truecaller, including one totaling 450 GB. The report said that besides phone data the databases also contain access codes to more than a million Facebook, Twitter, LinkedIn and Gmail accounts.

The hackers reportedly accessed the admin panel and acquired information because the Truecaller website was running WordPress 3.5.1, an outdated version of the web publishing tool. The Truecaller product is primarily a free application on mobile devices, including iOS and Android, but features are accessible through the website. 

“Sorry @Truecaller, we needed your database, thank you for it :)" reads the first Twitter post regarding the attack. It was followed up almost immediately by a tweet containing the database host and name, complete with username and password. A picture from the database was tweeted out 15 hours later.

The Truecaller application works by uploading users' contacts into global databases, which – courtesy of crowdsourcing – have filled out tremendously over time. The website claims to have nearly a billion phone numbers. Features as well include caller ID and call blocking, as well as social media integration. The application is available in more than 100 countries.

Some of the affected users are from China and Turkey, according to the database photo posted by the Syrian Electronic Army.

A request for comment from Truecaller was not immediately returned.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for ...

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger ...

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.