November 28, 2022
Meta-owned WhatsApp is back in news, not for its updates this time but for its user's security being under threat.
A person on the internet has claimed to allegedly possess up-to-date mobile phone numbers of around 500 million users of the social messaging website, an online publication Cybernews reported after confirming via an investigated data sample.
The person claiming to have the alleged information posted an ad to sell the data on a hacking community forum on November 16 and offered to sell the 2022 database of around 487 million users of WhatsApp with "recent mobile numbers".
According to the ad, the dataset reportedly contains information of users from 84 countries. The alleged seller claims the availability of records of more than 45 million users from Egypt, 35 million from Italy, and over 32 million users from the US.
Meanwhile, other countries include 29 million users from Saudi Arabia, and 20 million from France and Turkey each.
Nearly 10 million users from Russia and more than 11 million from the United Kingdom are also allegedly at risk of having their mobile phone numbers on sale.
The individual selling the information spoke with Cybernews informing them about selling datasets from the US, UK and Germany for $7,000, $2,500, and $2,000, respectively.
According to reports, WhatsApp has over two billion active monthly users around the world.
Information such as users' mobile phone numbers is mostly misused by attackers for vishing and smishing attacks; therefore, users are recommended to remain cautious of responding to unsolicited calls and messages, as well as remain wary of unknown numbers.
The alleged seller has not specified how they gathered the data, instead informing Cybernews that they “used their strategy” for data collection assuring the publication that all numbers in their possession belong to active users of the social messaging application.
Meta, meanwhile, has not yet commented on the matter.
“In this age, we all leave a sizeable digital footprint – and tech giants like Meta should take all precautions and means to safeguard that data,” Mantas Sasnauskas, head of Cybernews research team, said.
He added that users should "ask whether an added clause of 'scraping or platform abuse is not permitted in the Terms and Conditions' is enough. Threat actors don't care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.”