On November 16, an actor advertised a 2022 database of 487 million WhatsApp user mobile numbers on a well-known hacking community forum.
The dataset is said to contain WhatsApp user data from 84 different countries.
According to the threat actor, there are over 32 million US user records included.
Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million) each account for a sizable number of phone numbers.
The dataset for sale also allegedly contains the phone numbers of nearly 10 million Russians and over 11 million UK citizens.
The threat actor told Cybernews that they were selling the US dataset for $7,000, the UK dataset for $2,500, and the German dataset for $2,000.
Since such data is frequently used by attackers in smishing and vishing attacks, we advise users to be cautious of any calls from unknown numbers, as well as unsolicited calls and messages. According to reports, WhatsApp has more than two billion monthly active users worldwide. The seller of the WhatsApp database provided a sample of data to Cybernews researchers upon request. The shared sample included 1097 UK and 817 US user numbers.
Cybernews probed all of the numbers in the sample and was able to confirm that they are all WhatsApp users. The seller did not say how they obtained the database, only that they "used their strategy" to collect it, and assured Cybernews that all the numbers in the instance belong to active WhatsApp users.
Cybernews contacted WhatsApp's parent company, Meta, but received no immediate response. We will update the article as soon as we learn more. The data on WhatsApp users could be obtained by harvesting information at scale, also known as scraping, which is against WhatsApp's Terms of Service.
This claim is entirely speculative. However, large data dumps posted online are frequently obtained through scraping. Meta, which has long been chastised for allowing third parties to scrape or collect user data, had over 533 million user records leaked on a dark forum. The actor was practically giving away the dataset for free.
Days after a massive Facebook data leak made headlines, a popular hacker forum listed an archive containing data purportedly scraped from 500 million LinkedIn profiles for sale. Phone numbers that have been leaked could be used for marketing, phishing, impersonation, and fraud.
Head of Cybernews research team Mantas Sasnauskas said, “In this age, we all leave a sizeable digital footprint – and tech giants like Meta should take all precautions and means to safeguard that data. We should ask whether an added clause of ‘scraping or platform abuse is not permitted in the Terms and Conditions’ is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.”