Hi Guys,

I hope that you are well. All is good here 🙂

Security researcher Anurag Sen recently found millions of unencrypted messages from the Popular video calling and messaging app JusTalk sitting on the internet, completely unprotected. The China-owned app, which has over 20 million users, claims on its website that all messages are end-to-end encrypted. They even boast on their website that “only you and the person you communicate with can see, read or listen to them: Even the JusTalk team won’t access your data!”. None of this is true. Not only were they not encrypted, but the company itself did not do anything to keep the messages safe.

The exposed data includes the following:

  • Millions of JusTalk user messages
  • Date and time the messages were sent
  • Phone numbers of both the sender and recipient
  • Records of calls that were sent and received

What can you do?

  • If you are a user of Justalk, I am afraid there is nothing that you can do. You can contact them and demand that they tell you precisely what information has been exposed. It may not be all of your conversations, so it is best to find out how exposed you are.
  • Stop using this app immediately, remove it from your phone and never install it again. You cannot trust this company.

On that note, do you think there will ever be a time when one of the other popular messaging tools gets hacked and all user conversations dumped on the web? Most of them say their messages are end-to-end encrypted, but this may not be true, as we have just seen with Justalk.

Be careful what you say on these messaging apps.

Please share this with anyone you know who uses this app.

All the best and have a great day.

Max Roberts,
Incognito Privacy Care Team.