Join us at TNW Conference 2022 for insights into the future of tech →

The heart of tech

This article was published on March 29, 2016

Truecaller bug could expose the personal details of over 100,000,000 users

Truecaller bug could expose the personal details of over 100,000,000 users
Mix
Story by

Mix

Former TNW Writer

Mix is a tech writer based in Amsterdam that loves cinema and probably hates the movies that you like. Tell him everything you despise about Mix is a tech writer based in Amsterdam that loves cinema and probably hates the movies that you like. Tell him everything you despise about his work on Twitter.

Security researchers from Cheetah Mobile have discovered a privacy flaw in Truecaller – the world’s largest caller ID app – that puts the personal information of over a hundred million users in danger.

As Cheetah Mobile explains in its report, Truecaller uses a devices’ IMEI number to assign identities to its users, which means that anyone with access to a device’s IMEI could tamper with your personal information without explicit consent.

By exploiting this defect, attackers can steal and alter details such as “account name, gender, e-mail, profile pic, home address”. Additionally, hackers can also modify application settings, disable spam blockers and edit (or delete) users’ blacklists.

Truecaller has since quickly flagged and fixed the bug, but users still need to update to the app’s latest iteration – that was released on March 22 – in order to ensure the safety of their private details.

According to Truecaller’s statement, monitoring analysis indicates that so far “no user information has been compromised” as a result of this vulnerability.