In a nightmare for thousands of Truecaller users in India, a so-called bug automatically created their Unified Payments Interface (UPI) accounts with the ICICI Bank without their consent, triggering panic and hacking fears. The affected users received an SMS from ICICI Bank starting from late Monday evening till morning hours on Tuesday saying “your registration for UPI app has started. If it was not you, report now to your bank. Do not share card details/OTP/CVV with anyone to avoid a financial loss”.
The message was enough to scare some users who immediately approached the ICICI Bank customer care, blocking their net banking and debit cards.
“It was like someone attempting to break into my Internet banking account. The ICICI Bank customer care staff told me there was some suspicious activity in my online account, hence I requested them to immediately block Internet banking and safeguard the funds,” told one affected user.
“It was a nightmare for me to wake up and see this message. Since it came from the bank, it was enough for me to believe it. I do not know if my smartphone data has also been hacked,” he added.
The users reported the issue after updating their Android app to the latest Truecaller version 10.41.6.
Later, Truecaller issued a statement, saying it has discovered a bug in the latest update that affected the payments feature, which automatically triggered a registration post updating to the version.
“We’re sorry about this version not passing our quality standards. We’ve taken quick steps to fix the issue and already rolled out a fix in a new version.
“For the users already affected, the new version with the fix will be available shortly, however, in the meanwhile, they can choose to manually deregister through the overflow menu in the app,” said Truecaller which added payments service with the ICICI Bank in 2017.