Nearly 500 million WhatsApp users’ most recent mobile phone numbers are purportedly being sold by someone. Cybernews’ analysis of a data sample suggests that this is true.
On November 16, a hacker advertised on a well-known hacking site that they were offering a database with 487 million WhatsApp user mobile numbers as of the year 2022.
Data on WhatsApp users from 84 different countries is purportedly included in the file. Over 32 million US user records, according to the threat actor, are included.
The residents of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey make up a sizable portion of the world’s phone numbers (20 million).
Over 11 million UK nationals’ phone numbers, as well as close to 10 million Russians’, are reportedly included in the information for sale.
The threat actor claimed to be selling the US dataset for $7,000, the UK dataset for $2,500, and the German dataset for $2,000, according to Cybernews.
Attackers frequently use this knowledge for smishing and vishing attacks, so we recommend users remain wary of any calls from unknown numbers, unsolicited calls, and messages.
Over two billion people use WhatsApp every month, according to reports.
The supplier of WhatsApp’s database granted Cybernews researchers access to a sample of the data upon request. The shared sample included 817 US user numbers and 1097 UK user numbers.
Cybernews looked into every number in the sample and was able to determine that every single one of them is actually a WhatsApp user.
The seller assured Cybernews that all the numbers in the instance are those of active WhatsApp users but did not disclose how they came into possession of the database, only saying they “applied their approach” to gather the information.
When Cybernews contacted Meta, the parent company of WhatsApp, there was no quick answer. As soon as we have new information, we will update the story.
Scalable data collection, commonly known as scraping, could be used to get user information for WhatsApp, which is against the service agreement.
This assertion is entirely conjectural. Massive data dumps published online, however, frequently turn out to have been obtained by scraping.
Over 533 million user records from Meta, which has long been criticized for allowing outside parties to scrape or harvest user data, were exposed on a dark forum. The actor was essentially giving away the dataset.
An archive allegedly comprising information stolen from 500 million LinkedIn profiles has been listed for sale on a well-known hacker site days after a significant Facebook data dump made news.
Phone numbers that have been leaked could be used for fraud, phishing, impersonation, and marketing.