Truecaller Creating UPI Ids Without User Consent? Company Says It Was A Bug, Issue Resolved

Why was TrueCaller creating UPI Ids without consent?
Why was TrueCaller creating UPI Ids without consent?

It turns out, the latest update version of the caller ID app, Truecaller was found with a bug which hacked many of its users’ accounts.

The Hack

What happens if you wake up one morning and receive a particular text message saying that a UPI ID has been created which will directly link with your net banking account, except you have no idea about it and everything that happened was without your consent?

From Monday evening to Tuesday morning hours, thousands of Truecaller users received a text from ICICI bank saying that they were registered for the UPI service and the service was initiated. All of this happened without their prior knowledge triggering panic and hacking fears.

Post this, within 24 hours, many worried targets fled to the bank for assistance to block their netbanking services and debit cards, in attempts to stop someone from breaking into their internet bank accounts. Since the message came directly from the bank, it was enough to drive the recipients crazy and dwell into the fearsome thoughts of their phone data or bank accounts being hacked.

Does Truecaller Never Learn?

So this is not the first time Truecaller has been blamed for keeping it’s users’ privacy online. It has previously too faced a backlash over privacy breach in India. It was known to have allegedly selling Indian users data for mere Rs 1.5 lakh on the dark web, in May.

Talking of the present case, the users started facing problems after updating their Android app to the latest Truecaller version 10.41.6. A Twitter user posted that it was nothing but a privacy breach and elucidated everyone about the bug, alleging that the app stealthily sent an encrypted SMS to the bank to verify their account which is part of the procedure to sign up to the payment service.

Truecaller came upfront and admitted that there was a bug discovered in its latest version, which is said to have automatically triggered a registration post updating to the version. They’ve assured to have attended the bug, claiming to have fixed it and deregistered every user who was heedlessly added to Truecaller Pay.

For those users, who have been affected, the new version with the fix will be available shortly, however, in the meanwhile, they can choose to manually deregister through the overflow menu in the app.

People Want RBI to Penalise Truecaller   

Post the hacking incident involving Truecaller, many affected users conveyed their resent via Twitter. They have not only demanded for a stern investigation of Truecaller by the supreme regulators but also are of the view that since the regulatory bank RBI has the authority to ban Airtel and Paytm Payments Bank for on-boarding customers without their consent, it should do the same with Truecaller too. RBI should penalize Truecaller too.

The National Payments Corporation of India (NPCI) has assured users to take action against the app if found non- compliant.

Comments are closed, but trackbacks and pingbacks are open.

who's online