Source: ET Bureau
Truecaller says 0.12% users in India affected by bug that triggered payment enrolment
Last week, Truecaller started enrolling some of its users for its payment product without consent, alarming its customers and privacy activists alike.
Caller ID app Truecaller said that less than 0.12% of our total monthly users in India were affected by the bug which led to automatic creation of payments profile without consent.
It added that as the registration happened in the background, the affected users were not asked to create a UPI Pin code, which means that the registration process never finished.
“We deeply regret the trouble caused to these unsuspecting users, who may have thought that there is some breach to their bank account. No bank accounts or financial information of users were compromised, and immediate steps were taken to remove the issue and ensure the services were returned to normal,” Mamedi clarified.
The company said the API that caused automatic enrolment for some of its customers for its payment product Truecaller Pay last week was supposed to be initiated for only existing payment users who had consented for it.
Last week, Truecaller started enrolling some of its users for its payment product without consent, alarming its customers and privacy activists alike. However, it later clarified that a bug was responsible for automatically triggered a registration post updating to the version.
Truecaller CEO Alan Mamedi wrote on a blogpost that the API was only meant for registered payment users, if there is an indication that the registered user’s credentials were corrupted, the API would then trigger a refresh of the credentials.
“However, this API was triggered for a portion of users who were not already registered for payments. Such an API issue is unusual and unprecedented at Truecaller and a scenario we hadn’t designed for,” he said.