Advertisement

Hackers attack online phonebook Truecaller

Hackers attack online phonebook Truecaller
Truecaller is an application that gathers names and phone numbers and helps users find one through the other, especially among their group of friends. The company said its website suffered a cyberattack this week. (Truecaller)

Saying they took advantage of an out-of-date Wordpress system, members of a Syrian cyber-hacking group are claiming they swiped reams of user data this week from crowdsourced online phonebook Truecaller.

In a statement Thursday, the Swedish startup acknowledged a "cyberattack" but offered few details. It said that attackers retrieved tokens that -- when paired with a secret passphrase – gives third-party websites access to individuals' Facebook, Google and other social media accounts. But, Truecaller said, hackers had not obtained those much-needed keys.

Advertisement

Truecaller has amassed nearly a billion phone numbers in less than four years with help from its more than 20 million users, mostly in Europe and Asia. Truecaller gets information from various white pages and yellow pages services. And users on most of Truecaller's smartphone apps can upload their phone's contacts to help populate the directory. That especially helps the company get ahold of details for people with prepaid phone accounts.

Finding names by numbers is free. Searching for someone's number by names costs money. Getting access to these features requires logging in with a social media account. When Facebook or the like approves the login request, the social media network sends Truecaller a unique token. Truecaller can use it to request additional information about the user from a social network's database.

"Truecaller does not store passwords, credit card information, or any other sensitive information about our users," the company said. "It is false information that attackers were able to access our user's (sic) Facebook, Twitter, or any other social media passwords."

Asked if he could provide more clarification, Truecaller spokesman Kim Fai Kok said in an email, "It's our responsibility to inform our users and the public as soon as we've investigated this matter."

Though the company would not confirm if hackers breached the site via a Wordpress installation, the incident serves as a reminder to quickly update applications. Wordpress' month-old security release fixes several notable vulnerabilities that could give attackers access to a website's internals.

ALSO:

Advertisement
Advertisement