Popular collaborative online phone directory Truecaller has been hacked by the Syrian Electronic Army, according to a tweet posted by the group claiming to have got access to the service's database.
"Sorry @Truecaller, we needed your database, thank you for it :) http://truecaller.com #SEA #SyrianElectronicArmy
The tweet was
spotted by E Hacking News.
The hackers claim to have downloaded more than 7 databases including from the TrueCaller server and said that the size of the main database is 450GB. They said that the outdated WordPress version used on the Truecaller website allowed them to gain access to the admin panel through which they were able to break in.
According to the report, the database also contained access codes of users' Facebook, Twitter, Linkedin, and Gmail accounts which can be misused by the hackers.
If you have ever installed the Truecaller app on your mobile or used it on the Web, and given it access to your Facebook, Twitter, LinkedIn, Gmail or other accounts, we recommend that you change your passwords immediately and remove Truecaller from the list of apps authorised to post on your behalf.
Founded in 2009 and based in Stockholm, Sweden, Truecaller is a collaborative global phone directory. It is available on the Web and as an app for the iPhone, Android, Blackberry, Symbian (Series 40/ Series 60), and Windows Phone. The app gained popularity due to its ability to 'guess' the name of numbers not stored in a user's contacts list, using the contacts uploaded by other Truecaller users.
Users can also search for names and other details of a contact if they have the contact's number through the service. Users can even request to get the number of a person if they know his/ her name though, it's a paid service. The service also offers social circle recommendations offering a list of people you may know using your social network contacts. Truecaller claims to offer search across over 998,000,000 numbers at the time of writing this post.
Update: Truecaller has issued a statement acknowledging that it experienced a cyberattack that resulted in an unauthorised access to some data. However, Truecaller claims that it is false information that attackers were able to access users' Facebook, Twitter, or any other social media passwords. Here's the text of the statement from Truecaller:
Truecaller experienced a cyberattack on our website that resulted in an unauthorized access to some data. We were able to shut it down moments after we discovered it. Our investigation into the matter indicates the attackers were able to access 'tokens', which was immediately reset. Metaphorically speaking, a 'token' is a unique lock for each user, but what the attackers did not acquire is the needed key, which has also been reset.
Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our user's Facebook, Twitter, or any other social media passwords.
We are still investigating the extent of unauthorized access of our database. We have outlined steps to help us deal with the situation. These steps include more complex security measures and various other tools we want to keep within the company.
We feel it is crucial to publicize the attack because it is important that we keep true to the honesty and integrity of the Truecaller brand.
We want to thank our users for their patience, as we are still investigating and acquiring information.