A recent data leak was revealed when an unknown user was allegedly selling nearly 500 million WhatsApp users phone numbers on the dark web.
On November 16 2022, an unknown user took to a well-known online hacking forum claiming that they were selling a database of 487 million WhatsApp user phone numbers. WhatsApp has reported around two billion active users worldwide, however, this puts the data leak figure at just under 25% of all WhatsApp users. The dataset was said to contain user data from 84 countries, with major of the numbers belonging to the citizens of Egypt (45 million). It was claimed that the data leak also includes countries like the US with 32 million records, the UK with 11 million, Russia with 10 million, Italy with 35 million, Saudi Arabia with 29 million, France with 20 million and Turkey with 20 million.
There is currently no indication on how this massive database has fallen into illicit hands, but some security analysts say they could have been scraped from public databases. This leak is a breach in online privacy and can lead to serious risk as these numbers could be used to target the owners/victims with spam and phishing attacks, marketing, or even impersonation of the victims as a way to gain the trust of further third-party victims.
There is currently nothing victims can do concerning the data leak. However, victims can be wary of any calls from unknown numbers, unsolicited calls and messages containing spam or links or malicious content. Victims can also increase their privacy setting by going to WhatsApps Settings menu, hit Privacy, and then restrict all of the settings you see to Contacts Only. This way, any stranger who has your phone number would not see your last online status, profile information, or profile photo.
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
Devaney, P. (2022, November 25). WhatsApp data leak: is your phone number up for sale? Retrieved from the softonic.
Lapienyt, J. (2022, November 25). WhatsApp data leak: 500 million user records for sale. Retrieved from cybernews.