A strange actor, on November 16, threatened to sell a database of almost 500 million mobile phone numbers belonging to WhatsApp users by posting an ad on a well-known hacking community forum.
The report says the database comprises fresh data, not older than 2022, nearly 487 million WhatsApp user mobile numbers around the globe.
A data sample investigated by Cybernews likely confirms this to be true.WhatsApp is informed to have more than two billion monthly active users globally. Hence, users are advised to be aware of any calls from unknown numbers, unwanted calls, and messages.
Cybersecurity researchers asked the threat actors to prove the quality of their sale with a sample of data, in order to confirm the certainty of the ad.
According to Cybernews, the seller of the WhatsApp’s database shared a sample of the data which contained, 1097 UK and 817 US valid. Cybernews confirms that the data belongs to WhatsApp users after the investigation of all numbers which was included in the sample.
Cybersecurity researchers suspect that the information “could be obtained by harvesting information at scale, also known as scraping, which violates WhatsApp’s Terms of Service”. Previously, Meta was complained for allowing third parties to scrape or collect user data, and even had 533 million user records leaked on hacking.
Also, it is to inform that the phone numbers of the 487 million WhatsApp users could cause malicious acts like phishing, impersonation, or fraud which leads to jackpot for cybercriminals functioning vishing and smishing
At high risk, cybersecurity researchers think Meta and other tech giants should be more committed to protecting their data users:
“We should ask whether an added clause of scraping or platform abuse is not permitted in the Terms and Conditions is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint”.
