What you need to know
- A huge number of WhatsApp users may be susceptible to fraudulent activities and identity theft.
- Some 487 million WhatsApp mobile numbers have been supposedly compromised and sold on a hacking forum.
- The numbers apparently belong to active WhatsApp users in 84 countries.
WhatsApp might find itself in hot water over a privacy fiasco involving nearly half a billion numbers that have been purportedly sold on the dark web, potentially exposing a vast swath of users to fraudulent attacks.
According to Cybernews, some 487 million WhatsApp numbers are being sold on a hacking forum at varying prices, depending on the country of origin. For example, the U.S. dataset is sold for $7,000, the UK for $2,500, and Germany for $2,000.
The threat actor claimed that the numbers belonged to active WhatsApp users in 84 countries, with over 32 million accounting for U.S. users, 11 million for UK users, 45 million for Egyptians, and 35 million for Italians. The source did not disclose how the dataset was obtained. That said, Cybernews speculates that this large amount of data might have been put together using "scraping," a method of collecting information from various online sources.
If all of the WhatsApp numbers contained in the dataset are real, this could open the floodgates for fraudulent actors to launch malicious attacks such as smishing (fake SMS meant to obtain sensitive data) and vishing (fraudulent phone calls).
"WhatsApp users should be cautious — scammers might purchase the phone numbers from the dark web and use them for mass phishing campaigns," said Aleksandr Valentij, Surfshark’s information security officer. "However, if users act responsibly, they should be able to keep their data safe and avoid the negative consequences."
However, Cybernews had not seen the complete list of phone numbers in the database. The report only cited a sample of data, all of which apparently belonged to active WhatsApp users.
Meta did not provide a comment on the report when reached out by Android Central.
With over two billion daily WhatsApp users, it won't be surprising to see a list of phone numbers directly linked to WhatsApp accounts. However, a dataset with nearly 500 million numbers should be of concern to any company tasked with handling this information.
Surfshark cautions that "users must be on the lookout for fake deals with malicious links attached," with tons of Black Friday deals on phones and accessories clogging the internet.
"Black Friday is the perfect time for scammers to release their phishing campaigns in which they pose as legitimate companies," said Valentij. "If you receive an unusual offer with a link attached to it, there’s a good chance it’s a scam and that there’s a virus hiding behind that link. Try to keep a sharp mind this shopping season. If an offer seems too good to be true, it probably is."
