A database containing up-to-date mobile phone numbers of 487 million Whatsapp users, including 19 million from Nigeria was leaked and put up for sale, with the dataset allegedly containing WhatsApp user data from 84 countries, a report by Cybernews has revealed.
The report showed that, the threat actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp users from 84 countries.
The threat actor also claimed that there are over 44 million records of Whatsapp users from Egypt included; 36million users from Italy; 32 users from USA; 28.8 million Whatsapp users from Saudi-Arabia; 19.8 million from France and 19.6 million Whatsapp users from Turkey.
The dataset for sale also allegedly has nearly 10 million Russians and over 11 million UK citizens’ phone numbers, among others.
In Africa, the actor claimed that he/she has the record of about 11.5 million Whatsapp users from Algeria, the record of nine million Whatsapp users from Nigeria and about one million Whatsapp users from Ghana.
The threat actor told Cybernews they were selling the US dataset for $7,000, the UK for $2,500, and Germany for $2,000.
Upon request, the seller of WhatsApp’s database shared a sample of data with Cybernews researchers. There were 1097 UK and 817 US user numbers in the shared sample.
Cybernews investigated all the numbers included in the sample and managed to confirm that all of them are, in fact, WhatsApp users.
The seller did not specify how they obtained the database, suggesting they “used their strategy” to collect the data, and assured Cybernews all the numbers in the instance belong to active WhatsApp users.
Head of Cybernews research team, Mantas Sasnauskas, said: “In this age, we all leave a sizeable digital footprint and tech giants like Meta should take all precautions and means to safeguard that data.
“We should ask whether an added clause of ‘scraping or platform abuse is not permitted in the Terms and Conditions’ is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.”
To prevent personal data leaks, Sasnauskas advised regular Whatsapp users to adopt common data security practices, which includes using a high-quality VPN and getting a reliable antivirus programme.
