In a recent data security breach, a threat actor posted over 500 million active WhatsApp users’ phone numbers for sale on a well-known hacker platform. The database reportedly includes information from WhatsApp users in 84 different countries.
The Cybernews report says the database holds phone numbers of more than 32 million US user records, 45 million from Egypt, 5 million from Italy, 29 million from Saudi Arabia, 20 million (each) from France and Turkey, 10 million phone numbers from Russian users, and over 11 million numbers are from the UK.
“The seller did not specify how they obtained the database, suggesting they “used their strategy” to collect the data”, Cybernews
While the seller did not disclose how they obtained the phone number, at the request of Cybernews researchers, the seller of WhatsApp’s database shared a sample of data to verify if the phone numbers put up for sale are valid.
Following verification, it was discovered that 817 numbers and 1097 numbers both belonged to UK users.
Notably, Scalable data collection, commonly known as scraping, could be used to get user information for WhatsApp, which is against the service agreement. This assertion is entirely hypothetical. Massive data dumps published online; however, frequently turn out to be scraped.
Over 533 million user records from Meta, which has long been criticized for allowing outside parties to scrape user data, were exposed on a dark forum.
Head of Cybernews research team Mantas Sasnauskas said, “In this age, we all leave a sizeable digital footprint – and tech giants like Meta should take all precautions and means to safeguard that data”.
“We should ask whether an added clause of ‘scraping or platform abuse is not permitted in the Terms and Conditions is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.”
Over two billion people use WhatsApp every month, according to reports. Users should implement standard data security policies to avoid personal data leaks. This involves buying a trustworthy antivirus application and employing the best VPN.
Penetration Testing As a Service – Download Red Team & Blue Team Workspace
Splunk Inc. has disclosed two significant vulnerabilities within its software suite, posing a considerable risk…
GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights…
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers,…
Apple users are falling prey to a sophisticated phishing campaign designed to hijack their Apple…
Hackers have been found leveraging weaponized virtual hard disk (VHD) files to deploy the notorious…
A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and…