Cybernews says 500 million WhatsApp users’ mobile data sold on the dark web; Meta denies data breach, says user data is safe

Cybernews Investigation Finds Latest Mobile Numbers of Nearly 500 Million WhatsApp Users Being Sold on the Dark Web

A sample of data from a Cybernews investigation may confirm that someone is allegedly selling the most recent cell phone numbers of nearly 500 million WhatsApp users.

On November 16, a hacker posted an ad on the BreachForums forum, a well-known hacking community on the Dark Web, claiming they were selling a 2022 database containing the cell phone numbers of 487 million WhatsApp users.

The dataset allegedly contains data on WhatsApp users from 84 countries/regions, which the hackers claim contains more than 32 million records of U.S. users, with another large number of phone numbers belonging to citizens of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million) and Turkey (20 million), among other countries. The data set for sale also allegedly contains the phone numbers of nearly 10 million Russian citizens, more than 11 million British citizens, and about 6.1 million Indian citizens.

The compromised phone numbers could be used for marketing purposes, phishing, impersonation and fraud. The threat actor also told Cybernews that they are selling the U.S. (32 million) dataset for $7,000, the U.K. (11 million users) dataset for $2,500 and the German (6 million users) dataset for $2,000.

WhatsApp reportedly has more than 2 billion monthly active users worldwide.

Cybernews' analysis of the sample suggests that the dataset may have been obtained by hackers through data crawling

Upon request, the seller of the WhatsApp dataset shared a sample of data with Cybernews researchers, with 1,097 UK and 817 US user numbers in the shared sample. investigated all of the numbers included in the sample and managed to confirm that all of those mobile numbers were indeed WhatsApp users.

The sellers did not specify how they obtained the data set, suggesting that they "used their tactics" to collect the data and assuring Cybernews that all of the numbers in the example belonged to active WhatsApp users.

WhatsApp users' information may have been obtained through mass information harvesting (also known as crawling), in violation of WhatsApp's terms of service. This claim is purely speculative. However, in many cases, large sets of data published online are obtained through crawling.

Meta, long criticized for allowing third parties to crawl or collect user data, once leaked more than 533 million Facebook user records on a dark web forum, threatening actors who chose to share the dataset for free; a few days after Facebook's massive data breach made headlines, a data file containing data allegedly crawled from 500 million LinkedIn profiles of data sold on yet another popular hacking forum.

Much of this information is used by attackers for phishing and pharming attacks, so Cyber advises users to be wary of any calls, unsolicited calls and messages from unknown numbers.

WhatsApp denies data breach, says user data is safe

WhatsApp has categorically denied the CyberNews report, and the Meta-owned messaging app said CyberNews has no substantial evidence to prove that the user data it shows was obtained from WhatsApp.

A WhatsApp spokesperson said, "The report on Cybernews is based on unconfirmed screenshots. There is no evidence of a 'data breach' on WhatsApp."

There are no official reports of any threat actors misusing leaked user data. Through email IDs and phone numbers, threat actors use phishing techniques to scam naive users.