500 million WhatsApp mobile numbers up for sale on the dark web - CSO Online

A database of 487 cardinal WhatsApp users’ mobile numbers has been enactment up for merchantability connected a hacking assemblage forum. The information acceptable contains WhatsApp idiosyncratic information from much than 84 countries, the station shows. The communicative was archetypal reported by Cybernews.

The seller of the leaked information is besides offering it done the arguable messaging app Telegram, wherever the idiosyncratic oregon the radical goes by grip “Palm Yunn.” On the hacking assemblage forum, the idiosyncratic is listed arsenic “Agency123456.” The seller claims the database is from 2022.

Meta-owned WhatsApp has much than 2 billion active users globally and is 1 of the astir fashionable mobile messaging apps. If each the records are accurate, this information leak could interaction astir a 4th of each WhatsApp users.

Meta did not respond to email seeking comments connected the leak.

WhatsApp information could pb to incidents of fraud

Cybersecurity experts pass the leak could pb to incidents of fraud, smishing, and phishing. 

“The menace actors tin usage these mobile numbers for phishing campaigns. The mobile numbers if linked to slope accounts tin pb to monetary fraud arsenic well,” said Prashant Mali, a cybersecurity and privateness argumentation advocate.

The attackers tin usage leaked accusation for societal engineering, agreed Anand Prakash, laminitis of PingSafe and a bug bounty hunter. However, Prakash pointed retired that the leaked information  itself contains nary delicate information.

“I don't deliberation it is simply a precise captious leak, wherever idiosyncratic tin work the messages oregon log successful remotely connected WhatsApp. The leak lone discloses if a fig is progressive connected WhatsApp oregon not,” helium said.

Prakash suspects that the leak could person been the effect of immoderate vulnerability being exploited oregon a 3rd enactment that mightiness person leaked the data. However, the existent root of the leak could not beryllium ascertained.   

Cybernews has provided a link where users tin cheque if their fig is simply a portion of the leaked database oregon not. 

On the hacking assemblage forum , the seller claims the database has 32 cardinal records belonging to US WhatsApp users. In a speech with Cybernews, the seller said they are consenting to merchantability the US records to anyone who’s consenting to ammunition retired $7,000. 

The wide database besides has records of 45 cardinal users from Egypt, 34 cardinal from Italy, 29 cardinal from Saudi Arabia, 20 cardinal from France, 10 cardinal from Russia, 11 cardinal from the UK, and 6 cardinal users from India, the seller claimed. 

An advertisement was posted connected the hacking forum connected November 16 by the menace actors announcing the merchantability of the data.

A illustration information acceptable of 1,097 UK and 817 US users’ numbers were sent to Cybernews by the seller and the work researchers confirmed the information was legitimate. 

While the US information acceptable is being sold astatine $7,000, that of UK is being sold astatine $2,500 and Germany astatine $2,000, according to  the report. 

Social media users person been the people for hackers for a portion now. Vulnerabilities connected specified platforms could interaction millions oregon adjacent billions of users worldwide. For instance, successful October, astir 1.5 cardinal Facebook users’ information was enactment up for merchantability connected the dark web. The attackers had claimed the database contained names, email addresses, telephone numbers, locations, gender, and IDs of the users. However, wrong days of being posted the connection disappeared from the forum. 

Similarly, successful the aforesaid month, 500 cardinal LinkedIn profiles were besides enactment up for merchantability connected a hacker forum. The sellers had besides posted 2 cardinal records leaked arsenic a illustration to beryllium the authenticity of the data. The leaked information included the afloat names of the users, email addresses, telephone numbers, and workplace information. 

Apurva Venkat is main analogous for the India editions of CIO, CSO, and Computerworld.