WhatsApp is the most-popular instant messaging service in the world. The Meta-owned platform is used by two billion-plus users . WhatsApp is amongst the most popular free messaging apps that was founded by Brian Acton and Jan Koum, former employees of Yahoo! The app can be used on both mobiles and desktops to share messages, send voice notes, pictures, videos, make video calls, and making payments. WhatsApp uses end-to-end encryption, which means only the sender and the receiver can view the content/messages shared on the app.
Now irony is a malicious actor has posted a data dump that allegedly contains the mobile phone numbers of 500 million confirmed WhatsApp users on a dark web forum.
According to investigators at Cybernews, the sales listing has been active since Nov. 16. Upon reaching the seller, researchers were given a small data sample, which included the phone numbers of 1,097 UK numbers and 817 US numbers.
“Cybernews investigated all the numbers included in the sample and managed to confirm that all of them are, in fact, WhatsApp users,” the researchers said.
Some countries where WhatsApp users are at risk
As per the report, the database claims to have stolen information from about a quarter of all WhatsApp users across the world. The poster shared by the seller notes that the phone numbers of users in several countries including the US (32 million users), the UK (11 million users), Russia (10 million users), Italy (35 million users), Saudi Arabia (29 million users) and India (over 6 million users) are at the risk of a data leak.
What are your risks?
Identity thieves and scammers can use leaked phone numbers to defraud victims.
If your phone number ends up in the wrong hands, cybercriminals can conduct social engineering attacks, including phishing via text (smishing) or directly calling (vishing) you to:
- Steal personally identifiable information (PII) and money
- Persuade you to install spyware/malware on your device
- Harass you and your family members
- Reroute messages or conduct SIM swap scams
But The report does not clearly tell how the phone numbers of so many active WhatsApp users were procured. The seller is expected to have put together the whole database using a process known as “scraping,” the report notes. In such a process, the data is gathered from different websites and not through a hack or any other cyber attack.
This means that the hacker might not have deployed a cyber attack against WhatsApp to collect all that data, but may have gathered these phone numbers from web pages. The seller also reportedly has confirmed that these numbers are used for WhatsApp and that the whole database was put on sale.
https://kashmirpatriot.com/2022/08/27/top-tips-to-help-you-protect-yourself-from-fraud-calls-and-messages/
Why the database is a risk for WhatsApp users
Hackers can use this database for spamming, phishing attempts, identity theft and other cybercriminal activities. The report cites that users won’t be able to know if their number is in the database but can follow some steps to evade scamming attempts.
WhatsApp offers multiple privacy settings like hiding status and profile pictures which users can enable to keep themselves safe from prying eyes.