Hacker group says it acquired databases of global phone directory Truecaller

Share this article:

More than a million Truecaller accounts were compromised in a recent hack.

Swedish-based Truecaller, the company that says it maintains the largest global phone directory, has become the latest target of the Syrian Electronic Army after the hacker collective made the announcement via Twitter less than 24 hours ago.

In exclusive comments to cyber security news site E Hacking News, members of the group said they acquired more than seven databases from Truecaller, including one totaling 450 GB. The report said that besides phone data the databases also contain access codes to more than a million Facebook, Twitter, LinkedIn and Gmail accounts.

The hackers reportedly accessed the admin panel and acquired information because the Truecaller website was running WordPress 3.5.1, an outdated version of the web publishing tool. The Truecaller product is primarily a free application on mobile devices, including iOS and Android, but features are accessible through the website. 

“Sorry @Truecaller, we needed your database, thank you for it :)" reads the first Twitter post regarding the attack. It was followed up almost immediately by a tweet containing the database host and name, complete with username and password. A picture from the database was tweeted out 15 hours later.

The Truecaller application works by uploading users' contacts into global databases, which – courtesy of crowdsourcing – have filled out tremendously over time. The website claims to have nearly a billion phone numbers. Features as well include caller ID and call blocking, as well as social media integration. The application is available in more than 100 countries.

Some of the affected users are from China and Turkey, according to the database photo posted by the Syrian Electronic Army.

A request for comment from Truecaller was not immediately returned.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.