WhatsApp It is the most used instant messaging app in Latin America and several other countries in the world, including our country. Unfortunately, this popularity causes cybercriminals focus on the data of their users and this case demonstrates it. A new report reveals that a hacker is selling the phone numbers of nearly 500 million users around the world, including more than 8 million from Peru.
The cybersecurity portal cybernews mentions that on November 16, a user published a notice in a well-known forum hackers of Internet pointing out that it was selling a database updated to 2022 made up of some 487 million phone numbers of users of WhatsApp who come from 84 countries around the planet.
The phone numbers of millions of WhatsApp users for sale
The author indicated the approximate amount of user data according to his country. Among the nations with the largest number of leaked phone numbers are Egypt (44 million), Italy (35 million), United States (32 million), Saudi Arabia (28 million) Y France (19 million). In the specific case of our country, the cybercriminal indicates that there are 8,075,317 telephone numbers of Peruvian users in said database.
The signature cybernews points out in his report that he was able to verify the authenticity of the data sold by the hacker based on a sample that was provided to him by the same author (1097 phone numbers United Kingdom and 817 of USA). The seller did not reveal how he managed to obtain all these numbers and only suggested that he used a strategy to collect them, ensuring that absolutely all of them belong to active users of WhatsApp.
The author of the report mentions that the information about the users of WhatsApp could have been obtained by collecting information at scale (scraping), technique that goes against the terms of service of the app. However, since there is no way to verify this, this is just speculation based on previous cases where massive data posted online was obtained in this way.
Waiting for a response from Meta
Goal company that owns WhatsApp has been criticized in the past for allowing third parties to make scraping or collect user data. Previously, more than 533 million users’ phone numbers were leaked in a forum similar to the one in this case and, what is worse, the actor shared the data set practically for free. The data leaked in this new attack could be used for hacking purposes. marketing, phishing either fraud.
“In this day and age, we all leave a sizeable digital footprint, and tech giants like Goal they should take all precautions and means to safeguard such data. We should ask ourselves if an added clause of ‘the use of scraping or abuse of the platform in the Terms and Conditions’ is enough. Threat actors don’t care about those terms, so companies should take rigorous measures to mitigate threats and prevent platform abuse from a technical standpoint.” said Sasnauskas Blankets head of the research team cybernews.