Someone is allegedly selling the current phone numbers of nearly 500 million WhatsApp users. This is likely confirmed by a data sample examined by Cybernews.
On November 16, an actor advertised a 2022 database of 487 million WhatsApp user mobile numbers on a well-known hacking community forum.
Each country has a large number of phone numbers, including Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million).
The dataset for sale also allegedly contains the phone numbers of nearly 10 million Russians and over 11 million UK citizens.
The threat actor told Cybernews that they were selling the US dataset for $7,000, the UK dataset for $2,500, and the German dataset for $2,000.
According to reports, WhatsApp has more than two billion monthly active users worldwide.
The seller of WhatsApp’s database provided a sample of data to Cybernews researchers upon request. The shared sample included 1097 UK and 817 US user numbers.
Cybernews investigated all of the numbers in the sample and was able to confirm that they are all WhatsApp users.
The seller did not specify how they obtained the database, only stating that they “used their strategy” and assured Cybernews that all of the numbers in the instance belong to active WhatsApp users.
Cybernews contacted WhatsApp’s parent company, Meta, but did not receive an immediate response. As soon as we learn more, we will update the article.
The information on WhatsApp users could be obtained by mass data harvesting, also known as scraping, which is a violation of WhatsApp’s Terms of Service.
This assertion is entirely speculative. However, massive data dumps posted online are frequently obtained through scraping.
Over 533 million user records were leaked on a dark forum by Meta, which has long been chastised for allowing third parties to scrape or collect user data. The actor was practically giving away the dataset for free.
Days after a massive Facebook data leak made headlines, a popular hacker forum listed an archive containing data purportedly scraped from 500 million LinkedIn profiles for sale.
Phone numbers that have been leaked could be used for marketing, phishing, impersonation, and fraud.
“In this age, we all leave a sizeable digital footprint – and tech giants like Meta should take all precautions and means to safeguard that data,” head of Cybernews research team Mantas Sasnauskas said. “We should ask whether an added clause of ‘scraping or platform abuse is not permitted in the Terms and Conditions’ is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.”
Main Image:PIXABAY
