WhatsApp has spoken out against recent reports that the phone numbers of 487 million users were up for sale on the dark web. A spokesperson from Meta-owned Whatsapp told Wion and Deccan Herald:
Discover our latest podcast
The claim written on Cybernews is based on unsubstantiated screenshots. There is no evidence of a ‘data leak’ from WhatsApp. The purported list is a set of phone numbers, and not WhatsApp user information.
Data leak
The initial report last week claimed that of the 2 billion users on WhatsApp, nearly 500 million had been victims of a data leak. The users are from 84 countries around the world and a threat actor, aka the individual or group that is threatening to leak the information, has claimed there are over 32 million US user records included, as per Cybernews:
Another huge chunk of phone numbers belongs to the citizens of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million). The dataset for sale also allegedly has nearly 10 million Russian and over 11 million UK citizens' phone numbers.
The report is based on information in a hacking community forum where the data has been put up for sale by an anonymous seller. Investigative reporters asked for proof of the data it was stated that:
Upon request, the seller of WhatsApp's database shared a sample of data with Cybernews researchers. There were 1097 UK and 817 US user numbers in the shared sample.
For sale
The report claims that the threat actor is selling the US dataset for $7,000, the UK for $2,500, and Germany for $2,000. It didn’t reveal the price of other regions and it is currently unknown how the hacker managed to gain access to the phone numbers of millions of WhatsApp users.
Whilst WhatsApp disputes the data leak it is still possible that the claims of the hacker are true and they do have a sizable list of phone numbers. These could have been obtained by harvesting information at scale, also known as scraping, which violates WhatsApp’s Terms of Service. Alternatively hackers could have used phishing methods to collate the list, experts warn, as per Wion:
WhatsApp users need to be careful. Do not respond to an unknown number or messages. This is because hackers might use information through smishing and vishing. Smishing and vishing mean that the hackers will use fraudulent links through a text or voicemail. Clicking on these links or responding to them might lead users to lose critical data or their money.
The report has ignited talks about just how secure WhatsApp is, especially after Meta-owned Facebook also recently had over 533 million profiles leaked on the dark web, as per Cybernews.
Read more: Smishing: Here's how to spot fraudulent text messages
Sources used:
- Cybernews 'WhatsApp data leak: 500 million user records for sale online'
- World in One News 'WhatsApp says all reports of a ‘data leak' are based on 'unsubstantiated' screenshots'
- Deccan Herald 'WhatsApp denies data breach, says user data is safe'