Share this article on:
A malicious actor has come out claiming to be selling the data of almost 500 million WhatsApp users.
Posting to a well-known hacking forum, the hacker claimed to have the data from a 2022 database containing the mobile numbers of 487 million WhatsApp users across 84 countries, with 45 million in Egypt, 35 million in Italy, 32 million in the US, 29 million in Saudi Arabia, 20 million in France, 20 million in Turkey, 11 million in the UK and 10 million in Russia. Australia had 1.25 million.
The data for sale will prove ideal for hackers and malicious actors looking to conduct phone-based phishing attacks such as smishing which involves texts, and vishing which involves phone calls.
The hacker released a sample of the data at the request of cyber experts in the UK. The sample contained numbers from 1,097 UK and 817 US users, which were verified as real WhatsApp users.
The hacker has not revealed the method used for collecting the data, however, large data dumps are often obtained via a technique known as scraping.
Scraping is a form of attack that makes use of automated bots that extract data from a website. Screen scraping collects data based on pixels displayed on the screen while web scraping collects data from HTML code.
There is no confirmation that the data was obtained by scraping, but it does violate the terms of service of WhatsApp. However, it's parent company Meta, has allowed third parties to use scraping to collect user data.
Cybernews, who launched the investigation into the WhatsApp breach, has been informed by the hacker that they are selling the US number set for $7,000, the UK number set for $2,500 and the Germany number set for $2,000.