Skip to content

Hacker leaks 6 million JustCall.io sensitive user records

  • by
  • 2 min read

A threat actor going by the alias ‘Darknotevil’ has allegedly leaked a massive database containing sensitive user information from JustCall.io, a cloud-based business phone system. The breach was advertised on the notorious hacking forum BreachForums, where the hacker claims to have exposed over six million records, including phone numbers, more than 100,000 email addresses with MD5 hashes, and API keys.

The forum post includes a sample of the leaked data, showcasing structured JSON records that contain fields such as user emails, phone numbers, timestamps, and company details.

The hacker has put the full dataset behind a paywall, requiring users to unlock it for five forum credits, a common practice on cybercrime marketplaces.

JustCall, a product of SaaS Labs, is used by over 6,000 businesses globally for customer communication. The exposure of API keys could allow attackers to gain unauthorised access to business accounts, leading to potential identity theft, phishing campaigns, or fraudulent activities.

Currently, JustCall.io has not released an official statement confirming or denying the breach. Users should change passwords immediately, especially if the same credentials were used elsewhere, monitor their email accounts and phone numbers for phishing attempts, and revoke and regenerate API keys if they use JustCall’s service.

Recently, DISA Global Solution, a drug and alcohol testing firm that provides background checks and employee screening devices, was breached leading to data exposure of over 3.3 million people.

Another data breach at OmniGPT exposed 34 million chat messages across six countries, including Brazil, India, Italy, Pakistan, China, and Saudi Arabia.

Yet another data breach targeting the Community Health Center (CHC) put the data of more than one million individuals at risk.

Also, a major security flaw in Google’s ‘Sign in with Google’ authentication system exposed millions of users’ data to potential data theft.

In the News: CBI seizes ₹23.94 crore in cryptocurrency in GainBitcoin scam investigation

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

Related Reads

This is an image of data breach featured

Legends International suffers data breach affecting employees and venue visitors

This is an image of cyber security hacked breach

Freshly discovered Windows vulnerability already exploited in the wild

This is an image of court featured ss1

Indian consumer courts to accept complaints against WhatsApp

  • by
  • In News
This is an image of discord203947

Discord verifies age with ID and face scans for select users

This is an image of drone 1866742 1280

British soldiers are using radio waves to take down drones

This is an image of cyber security hacked hacking 3889

State-sponsored hackers are increasingly using ClickFix tactics for the first time

>