How we could have tracked anyone's live location using Truecaller's "Guardians" app
It was possible for an attacker to login into a victim's "Guardians" account by just using their phone number. Once the attacker has successfully logged in, they can track all your family member's locations. The application also leaked the victim's account details such as date of birth, profile picture, and emergency contact details. It also allowed an attacker to add more family members to the account once the account is taken over. Truecaller was quick in fixing the reported vulnerability within few hours.