TrueCaller Database Hacked, Millions of Phone Numbers Compromised?

Do you know how many name and numbers can be stored in a 450 GB Database? Yes, that’s the combined size of 7 Truecaller databases that have been compromised and downloaded by a hacker group called Syrian Electronic Army.

According to THN eHacking News, hackers were able to hack into True caller database via their web front-end which was using older version of popular CMS platform wordpress.

WordPress has released a security update version 3.5.2 few weeks back, however Truecaller did not update their wordpress software and were able to gain access to their database due to this loophole.

Here are the couple of tweets that SEA posted in regards to Truecaller database hacking:

From the @TrueCaller Database #SEA #SyrianElectronicArmy pic.twitter.com/sqUQpAGJQf

— SyrianElectronicArmy (@Official_SEA12) July 17, 2013

 

Database Host: http://t.co/RbaFR3eKJr | Username: tc_admin_login | Password: google123 | Database Name: truecaller_ugc #SEA @Truecaller

— SyrianElectronicArmy (@Official_SEA12) July 17, 2013

They also released following Screenshot to show their hack:

It is clear from the screenshot that they actually hacked into truecaller website. However, this does not mean that SEA has actually got hold of Truecaller user database.

Yes, they have also shown screenshot of the DB as proof that display mobile numbers, but I am still confused about this a bit.

Truecaller obviously uses a different system than wordpress to store information (like phonebook, name) of their mobile users. The screenshot shows that they got through the wordpress site, but nowhere is it apparent that they actually got access to user phonebooks.

However, they do mention 7 databases, which are about 450 GB in size, have been downloaded – If that is true, then they obviously have accessed more than just their wordpress database.

Truecaller has not responded to any of SEA’s tweets, or have not mentioned anything about it on their site as well, even though SEA has marked them on the tweets.

One thing is sure, it is really a big deal if SEA is able to capture the phonebooks of truecaller app users. If that is true, surely many million user details are exposed.

The best thing probably to do is keep away from apps that store your personal information their servers! And always make sure to check what permissions you grant to an app when you install it on your phone.

Updated: We cite eHackingnews site instead of THN, as they had reported this first.