The WhatsApp data hack could potentially affect 500 million users, including those from India.
According to a report by Cybernews (1), the personal information of around 450 million WhatsApp users located in 84 countries throughout the globe, including India, may have been compromised and made available for purchase on the internet.
"WhatsApp #dataleak: 500 million user records for sale. The #threat actor told @CyberNews they were selling the #US #dataset for $7,000, the #UK – $2,500, and #Germany – $2,000."
It is rumored that someone is selling accurate mobile phone numbers of almost 450 million WhatsApp users to third parties. Cybernews looked into a data sample, and their findings suggest that this is the case.
On November 16, an individual placed an advertisement on a well-known hacker community forum, saying they offered 2022 information of 487 million WhatsApp user mobile numbers.
According to the rumor, the file comprises data on WhatsApp users from 84 nations. The threat actor says that more than 32 million user records from the United States are included.
Another significant portion of the world's phone numbers is associated with residents of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million) (20 million).
According to the rumor, the dataset up for sale also contains the phone numbers of over 11 million people from the UK and approximately 10 million from Russia.
The threat actor disclosed that they were selling the dataset for the United States for $7000, the dataset for the United Kingdom for $2500, and the dataset for Germany for $2000.
Most of the time, attackers exploit information like this to carry out phishing and smishing attacks. Thus, we strongly advise users to be vigilant of unwanted calls, messages, and calls from unknown numbers.
There are estimates that WhatsApp has more than two billion monthly active users worldwide.
How Did The Data Got Leak?
The seller did not specify how they got the information but claimed that they "applied their approach" to collect the data. The seller also guaranteed that all of the numbers in the instance belong to actual WhatsApp users.
The information on WhatsApp users could be collected via harvesting information at scale, also known as scraping. However, this practice is against the Terms of Service for WhatsApp.
This claim is based entirely on conjecture. Nevertheless, it is quite common for big data dumps put online to have been obtained by scraping.
Previous Major Data Hacks on Meta's Platforms
Over 533 million user records were found to have been leaked on a dark forum, even though Meta has long been criticized for allowing third parties to scrape or harvest user data. The actor was basically giving away the dataset by making it available to others.
An archive containing data that had allegedly been scraped from 500 million LinkedIn profiles was put up for sale on a famous hacker site just a few days after a big data leak on Facebook made headlines worldwide.
Phone numbers that have been compromised could be used for illegal activities such as marketing, phishing, impersonation, or fraud.
According to the leader of the Cybernews research team, Mantas Sasnauskas,
"In this age, we all leave a substantial digital footprint, and internet giants like Meta should take all procedures and means to preserve that data. We ought to inquire as to whether it is sufficient to include a paragraph in the Terms and Conditions stating that "scraping or platform abuse is not permitted." Because those parameters are irrelevant to threat actors, firms should take stringent measures to mitigate threats and prevent platform abuse from a technological standpoint."
Meta and its services have been in the news before for data breaches, so this is not the first time they have done so. The previous year, a leaker was making the personal info of upwards of 500 million Facebook users available online for free (2). The data that was then compromised contained phone numbers and other specifics.
Facebook had decided not to notify more than 530 million of its users that their personal data may have been compromised due to a breach that occurred before August 2019 and was just recently made accessible in a public database. Hackers may have taken this information. According to a spokeswoman for Facebook, the company has no intentions to follow suit.
2019 saw a breach that affected the personal information of 419 million Facebook users and 49 million Instagram users. During the same year, it experienced a second breach that exposed the personal information of 267 million members.
An online community for amateur hackers had publicly displayed information such as user phone numbers, full names, localities, and even some email addresses and passwords.
Regular users should implement common data security procedures to prevent the leakage of their data. This involves utilizing a Virtual Private Network (VPN) of superior quality and obtaining a reputable antivirus product.