wordpress blog stats
Connect with us

Hi, what are you looking for?

, ,

Truecaller defect allowed hackers to harvest IP address, other user data via malicious links, now fixed: Report

Truecaller has fixed a defect that allowed hackers to use its application program interface (API) to place a malicious link as the URL for users’ profile picture, reported Gadgets360 on November 23. The defect allowed hackers to use malicious links to harvest IP addresses, physical location, and other data of users by attacking them using brute force and distributed denial of service (DDoS), the report said. A Truecaller spokesperson said the “bug was immediately fixed” and added that this “was not a critical vulnerability” and that “no critical user data was ever compromised”.

How did the defect surface?

A Bengaluru-based security researcher, Ehraz Ahmed, had found the Truecaller defect, and Gadgets360 reported it. Truecaller fixed the vulnerability. This API flaw could be accessed through all versions of Truecaller, including Android, iOS, and the web. If a user was searching for a Truecaller profile from the desktop, the flaw could let the hacker know the user’s browser details.

In an official statement, Truecaller said:

“It was recently brought to our attention that there was a small bug in our app services which allowed the modification of one’s own profile in an unintended way. We thank the security researcher for bringing this to our notice and collaborating with us. The bug was immediately fixed”.

Previous privacy concerns with Truecaller

In July 2019, National Payments Corporation of India (NPCI) had stopped onboarding new Truecaller users on the UPI platform because the company had automatically started the registration process for creating a UPI ID for multiple users. However, Truecaller had called it a “bug” and said it affected only a small fraction of its users in India.

In September 2019, Nigeria’s National Information Technology Agency (NITDA) had launched an investigation into a potential breach of privacy rights under the country’s National Data Protection Regulation. The agency had accused it of over-collecting user data and sharing it with third-party advertisers without user consent.

Advertisement. Scroll to continue reading.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ