JustTalk, a popular messenger in Asia, bills itself as a secure service where users’ messages are transmitted in encrypted form. In fact, it turned out that adequate data protection was not provided, as evidenced by a large cache of unencrypted user messages that experts discovered on the Internet this week.
According to available data, JustTalk messenger is developing at a fast pace and is currently used by more than 20 million people worldwide. The service convinces users to use end-to-end encryption so that transmitted data is accessible only to chat participants. The messenger’s official website says that even JustTalk employees do not have access to the data sent by users.
However, the massive data leak shows that JusTalk’s claims of high levels of data protection are untrue. Millions of messages from users of the service, which are in the public domain, testify to this. In addition to the text of the messages, the exact date of their departure is indicated, as well as the phone numbers of the senders and receivers. Furthermore, the leak contains some recordings of video calls made through the JusTalk app.
Information security expert Anurag Sen, who discovered the leakage of JusTalk user data, tried to contact the messenger developer, which represents the Chinese company Juphoon. There, he was told that the service is currently owned by Ningbo Jus, whose representatives have not yet been contacted. The researcher notes that the cache he found also contains user data of JusTalk Kids and JusTalk Phone Number, a children’s app that allows you to create virtual phone numbers.