Posted by Trueman on July 18, 2013
UPDATED: 5 July, 2013
By now, many of you have read recent headlines reporting that Truecaller was the victim of a cyberattack in July of 2013. In this post, we want to address questions we've been receiving and share what we've learned so far about the incident.
First and foremost, it's important to point out that we have outlined steps to help us deal with the situation. These steps include more complex security measures and various other tools we want to keep within the company. We feel it is important to be as transparent as possible while at the same time not going into details.
Here are the most common questions we are being asked by our users:
Is it safe to use Truecaller?
Considering that Truecaller does not store passwords, credit card information, or any other sensitive information about our users, it is safe to use Truecaller.
Behind the app, we are people just like you. We have the same logic and the same concerns about the world. Millions of our users put their trust in us, and it is trust and integrity we have founded this company on. Trustworthiness in our collaborative community and user confidence are vitally important to Truecaller's continued success, growth and data quality.
Should I uninstall Truecaller?
Having Truecaller installed on your phone is not harmful to other apps or information that you hold privately. Truecaller is simply a service to help you identify callers and has no interest in social media passwords or credit card information that could disrupt your daily life.
If a user feels uncomfortable having their number in Truecaller's directory, they can simply unlist their number permanently here: http://www.truecaller.com/unlist
Did the attackers get hold of my password?
Truecaller does not store passwords. What the attackers were able to access were 'tokens', which by design can be reset immediately, and we did so instantly. Tokens are used to connect to various social media accounts. We use them to provide our login service on the website, in order to simplify the login process without us handling any personal information, such as passwords.
Truecaller experienced a cyberattack [July 2013] on our website that resulted in unauthorized access to some data. We were able to shut it down moments after we discovered it. Our investigation into the matter indicates the attackers were able to access 'tokens,' which were immediately reset. Metaphorically speaking, a 'token' is a unique lock for each user, but what the attackers did not acquire is the needed key, which has also been reset.
Truecaller does not store passwords, credit card information, or any other sensitive information about our users. It is false information that attackers were able to access our users' Facebook, Twitter, or any other social media passwords.
We are still investigating the extent of unauthorized access of our database. We have outlined steps to help us deal with the situation. These steps include more complex security measures and various other tools we want to keep within the company.
We feel it is crucial to publicize the attack because it is important that we keep true to the honesty and integrity of the Truecaller brand.
We want to thank our users for their patience, as we are still investigating and acquiring information.