There are rumors that someone is selling the phone numbers of almost 500 million WhatsApp users. Cybernews looked at a sample of data, which makes it likely that this is true.
On November 16, an actor put up an ad on a well-known hacking forum, saying that they were selling a list of 487 million WhatsApp user phone numbers from 2022.
The dataset is said to have information about WhatsApp users from 84 countries. Threat actor says that more than 32 million records of US users are included.
The people of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million) also have a lot of phone numbers (20 million).
The dataset for sale is also said to have the phone numbers of over 11 million UK citizens and nearly 10 million Russians.
The threat actor told Cybernews that they were selling the US dataset for $7,000, the UK dataset for $2,500, and the Germany dataset for $2,000.
Most of the time, attackers use this kind of information for smishing and vishing, so users should be wary of calls and messages from unknown numbers or that they didn’t ask for.
It is said that more than two billion people use WhatsApp every month around the world.
When researchers from Cybernews asked for a sample of data, the person selling WhatsApp’s database gave them one. In the shared sample, there were numbers for 1097 UK users and 817 US users.
Cybernews looked into all of the numbers in the sample and found that they all belong to people who use WhatsApp.
The seller didn’t say how they got the database, but they hinted that they “used their strategy” to get it. They also told Cybernews that all the numbers in the case belong to active WhatsApp users.
Meta, the company that owns WhatsApp has not responded in the matter as yet.
The information about WhatsApp users could be gathered through a process called “scraping,” which is against the Terms of Service for WhatsApp.
This claim is based on nothing but guesses. But scraping is often used to get huge amounts of data that are posted online.
Over 533 million user records were leaked on a dark forum. Meta has been criticized for a long time for letting third parties scrape or collect user data. The actor was giving away the data almost for free.
A few days after a big Facebook data leak made headlines, a hacker forum put up for sale what was said to be an archive of data scraped from 500 million LinkedIn profiles.
Phone numbers that get out could be used for marketing, phishing, pretending to be someone else, and fraud.
Mantas Sasnauskas, head of Cybernews’ research team, said, “In this age, we all leave a big digital footprint, and tech giants like Meta should do everything they can to protect that data.” We should ask if adding a sentence to the Terms and Conditions that says “scraping or abusing the platform is not allowed” is enough. Threat actors don’t care about these terms, so companies should take strong technical steps to reduce threats and stop platform abuse.