Phone numbers of 487 million WhatsApp users have been stolen and put on sale on a “well-known” hacking community forum, according to a report by Cybernews. The database, allegedly from 2022 containing this private information, spans users from 84 countries including the US, the UK, Egypt, Italy, and India. The hacker behind the breach claims all numbers belong to seemingly “active” WhatsApp users.
As per the report, the leaked database includes phone numbers of over 32 million users from the US and over 11.5 million from the UK. The breach, however, seems to have impacted users from Egypt the most with about 45 million potentially at risk.
The hacker also claims to have access to phone numbers of over 35 million users from Italy, nearly 10 million from Russia, and over 6 million users from India. WhatsApp has over two billion monthly active users globally and if the report were to be accurate, we may be looking at one of the, if not the biggest data breaches in the history of the Meta-owned instant messaging platform.
Cybernews was able to get in touch with the hacker, the report claims, and was able to obtain a sample of 1097 UK and 817 US user phone numbers from the list and upon investigation, its researchers found all of them to be active WhatsApp users. The hacker did not share finer details about how they got these numbers but the report speculates “scraping” could be one of the ways. The technique involves harvesting of data at scale, oftentimes using bots, and stands in violation of WhatsApp’s terms of service.
These numbers have reportedly been put on sale for about $7,000 for a database from the US while data of users from the UK and Germany are said to be available for $2,500 and $2,000, respectively.
This is not the first time Meta or one of its platforms has been caught in the middle of a data breach controversy. Personal data of over 533 million Facebook users from more than 100 countries including over 6 million records on users in India was reportedly leaked online last year in the aftermath of a vulnerability that the social media giant had patched in 2019. The same data was up for sale by a person who was selling a phone number or Facebook user ID for 20$ or in bulk for 5,000$ through a Telegram bot, previously.
Back in 2019, data of 419 million Facebook and 49 million Instagram users was exposed in databases online. In the same year, it had faced another breach leaving data of 267 million users exposed. Before that, there was the infamous Cambridge Analytica scandal, which was perhaps the first time Mark Zuckerberg’s company had come under the radar for its data collection practices.
WhatsApp is yet to make any comment on the Cybernews report. Regardless, it is always advisable to be mindful before clicking on any links or taking any calls from unsolicited/unknown numbers, those that may be phishing attacks in disguise.