WhatsApp data leaked: 500 million user records for sale online
Someone is reportedly selling updated cell phone numbers to nearly 500 million WhatsApp users. A data sample examined by Cybernews likely confirms this to be true.
On November 16, an actor posted an ad on a well-known hacking forum, claiming that they sold a 2022 database of 487 million WhatsApp user mobile numbers.
The dataset reportedly contains WhatsApp user data from 84 countries. The threat actor claims that there are over 32 million US user records included.
Another large share of telephone numbers belong to the citizens of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million) and Turkey (20 million).
The dataset for sale also reportedly has nearly 10 million Russian and over 11 million British citizens’ phone numbers.
The threat actor told Cybernews that they sold the US data set for $7,000, UK – $2,500 and Germany – $2,000.
Such information is mostly used by attackers for smishing and vishing attacks, so we advise users to be wary of calls from unknown numbers, unwanted calls and messages.
WhatsApp is reported to have more than two billion monthly active users globally.
Upon request, the seller of WhatsApp’s database shared a sample of data with Cybernews researchers. There were 1,097 UK and 817 US user numbers in the shared sample.
Cybernews investigated all the numbers included in the sample and was able to confirm that all of them are indeed WhatsApp users.
The vendor did not specify how they obtained the database, suggesting that they “used their strategy” to collect the data, and assured Cybernews that all the numbers in the instance belong to active WhatsApp users.
Cybernews reached out to WhatsApp’s parent company, Meta, but did not receive an immediate response. We will update the article as soon as we learn more.
The information about WhatsApp users can be obtained through large-scale data harvesting, also known as scraping, which violates WhatsApp’s terms of service.
This claim is purely speculative. However, quite often massive data dumps posted online turn out to be obtained by scraping.
Meta itself, long criticized for allowing third parties to scrape or collect user data, saw over 533 million user records leaked on a dark forum. The actor shared the dataset practically for free.
Days after a massive Facebook data leak made headlines, an archive of data allegedly scraped from 500 million LinkedIn profiles had been put up for sale on a popular hacking forum.
Leaked phone numbers can be used for marketing purposes, phishing, impersonation and fraud.
“In this age, we all leave a significant digital footprint – and tech giants like Meta should take every precaution and means to protect this data,” said head of the Cybernews research team Mantas Sasnauskas. “We should ask if an additional clause about ‘scraping or platform abuse is not allowed in the terms and conditions’ is enough. Threat actors don’t care about these terms, so companies should take strict steps to mitigate threats and prevent platform abuse from a technical standpoint.”
To prevent the consequences of personal data leaks, such as phishing or malware attacks, ordinary users should adopt common cyber security measures. This includes a reliable antivirus that blocks various cyber threats, such as TotalAV. And for online privacy, consider looking at the best VPN services on the market that encrypt your data. For example, we recommend NordVPN.
More from Cybernews:
WhatsApp, LinkedIn actively exploited to hijack Facebook Business accounts
Check if your data has been leaked
Five victims lose $10 million in ‘pig slaughter’ scheme
Scientists unveil device that scares away sharks
Bots snap up mispriced Apple MacBook Air laptops
Compromised emails can sometimes lead to bruised faces
Subscribe to our newsletter