Nov 29 – The data of 500 million users has been leaked on the Dark Web. An ad appearing on November 16 on a hacking forum claimed to be selling 487 million WhatsApp user mobile phone numbers. The threat actor claimed the dataset contains information from 84 countries, including Egypt (45 million), Italy (35 million), the U.S. (32 million), Saudi Arabia (29 million) and France (20 million). The U.S. dataset is being sold for $7,000.
If the alleged hack is real, attackers can use the stolen phone numbers for targeted smishing, a form of phishing attack that uses SMS or MMS text messages to deliver bogus pretexts to get the phone user to click a link or download an attachment. Hackers have favored this attack vector as remote work and BYOD have become the norm during the pandemic. A related attack, vishing, occurs when threat actors utilize phone calls and voice mails to lure the target into responding with private details.
This latest hack is not a first for Meta, the parent company of WhatsApp. In 2019, it was determined that 535 million Facebook user records were scraped due to a website vulnerability. The data was said to have been leaked on the Dark Web in 2021. Consequently, Facebook faced heavy scrutiny, including a $5 billion fine levied by the U.S. Federal Trade Commission (FTC), which alleged that the company misled users about how third parties were accessing personal information.
Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software, comments:
“While the information on sale is only active phone numbers and not the content of any messages themselves, this is a very large-scale breach of a popular mobile application used by millions worldwide. One immediate consequence of the breach is the potential for those numbers to be used as part of tailored phishing attacks through the app itself. We urge all WhatsApp users to be extra vigilant about messages they receive and practice extreme caution when it comes to clicking on any links and messages shared on the app.”