In a recent breach of data security, a threat actor has put up approximately 500 million phone numbers of active WhatsApp users for sale on a well-known hacking community forum. The database apparently contains data from WhatsApp users belonging to 84 countries. Meta-owned WhatsApp is one of the biggest messaging platforms with around 2 billion users across the globe, which means the database allegedly contains the phone numbers of one-quarter of WhatsApp users. According to Cybernews, the database contains the phone numbers of over 32 million users from the U.S., 45 million from Egypt, 5 million from Italy, 29 million from Saudi Arabia, 20 million (each) from France and Turkey, 10 million phone numbers from Russian users, and over 11 million numbers are from the UK.
Are The Phone Numbers Valid?
While the seller did not disclose how they obtained the phone number of approximately 487 million active WhatsApp users, they said that they “used their strategy” to collect the data. At the request of Cybernews researchers, the seller of WhatsApp’s database shared a sample of data to verify if the phone numbers put up for sale are valid. Upon verification, it was found that 1097 numbers belonged to UK users while 817 numbers belonged to UK users. There is a possibility that the leaked database was obtained by harvesting information at scale, also known as scraping, through the use of an automated tool for any unpermitted purpose, violating the WhatsApp Terms of Service. In other words, WhatsApp wasn’t hacked, but these hackers may have collected approximately 487 million phone numbers from web pages, by searching and saving users’ information including phone numbers, user profile pictures, and statuses from the WhatsApp platform. Leaked phone numbers could end up being used for malicious acts such as marketing purposes, phishing, impersonation, and fraud. “In this age, we all leave a sizeable digital footprint – and tech giants like Meta should take all precautions and means to safeguard that data,” said Mantas Sasnauskas, head of the Cybernews research team. “We should ask whether an added clause of ‘scraping or platform abuse is not permitted in the Terms and Conditions is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.” Currently, there is no way of finding out whether your phone number is in that leaked database. In order to keep yourself safe and secure from hackers, you can open the WhatsApp app, go to “Settings,” then “Privacy,” and change settings such as “Last seen and online,” “Profile photo,” and “About” to “Contacts only.”