More than a million Truecaller accounts were compromised in a recent hack.
Swedish-based Truecaller, the company that says it maintains the largest global phone directory, has become the latest target of the Syrian Electronic Army after the hacker collective made the announcement via Twitter less than 24 hours ago.
In exclusive comments to cyber security news site E Hacking News, members of the group said they acquired more than seven databases from Truecaller, including one totaling 450 GB. The report said that besides phone data the databases also contain access codes to more than a million Facebook, Twitter, LinkedIn and Gmail accounts.
The hackers reportedly accessed the admin panel and acquired information because the Truecaller website was running WordPress 3.5.1, an outdated version of the web publishing tool. The Truecaller product is primarily a free application on mobile devices, including iOS and Android, but features are accessible through the website.
“Sorry @Truecaller, we needed your database, thank you for it :)" reads the first Twitter post regarding the attack. It was followed up almost immediately by a tweet containing the database host and name, complete with username and password. A picture from the database was tweeted out 15 hours later.
The Truecaller application works by uploading users' contacts into global databases, which – courtesy of crowdsourcing – have filled out tremendously over time. The website claims to have nearly a billion phone numbers. Features as well include caller ID and call blocking, as well as social media integration. The application is available in more than 100 countries.
Some of the affected users are from China and Turkey, according to the database photo posted by the Syrian Electronic Army.
A request for comment from Truecaller was not immediately returned.