A post on the dark web is offering almost 500 million WhatsApp user profiles for sale. The data leak represents another security issue for the highly popular Meta-owned messaging app, and appears to impact users in countries throughout the world.
Dark web post offers WhatsApp profile information divided up by country of origin
WhatsApp has yet to confirm that the data leak is legitimate, with a spokesperson saying that at present the only evidence of it is the set of screenshots that the attacker posted to a dark web forum. It thus remains possible that at least some of this is old data, material taken from data breaches of other platforms, or even junk data. The incident also awaits verification by independent security researchers. Check Point has examined the data that was posted and found that 360 million phone numbers are legitimate, but not necessarily associated with WhatsApp.
But if it is legitimate, the data leak would impact about a quarter of WhatsApp’s worldwide user base. Some countries were hit harder than others, but the dark web post claims that the data comes from nations all over the world (and is selling packages of it based on national origin). All of this would point to an API scraping method as the source of the attack, something that criminals are showing more interest in lately due to its very low risk and relative simplicity.
As this data leak demonstrates, API scraping usually does not yield much sensitive personal information on its own. But it provides private contact information that attackers can leverage for targeted attempts on individual users, looking to bait them into clicking on a malware link or falling for some sort of confidence scheme.
Veracity, extent of WhatsApp data leak still being assessed
It remains unclear exactly what the status of the WhatsApp data leak is, but it has been confirmed that the company’s messaging system has not been compromised in any way. The potential damage appears to be confined to the phone numbers that users attach to their accounts, which are generally kept hidden from public view.
So far there are no public bulletins about increased attacks or phishing attempts stemming from this data leak, but the general advice in these situations applies: be wary of any unsolicited incoming messages associated with the leaked contact information, particularly those that appear to be coming from WhatsApp or Meta itself or that involve entering WhatsApp or other Meta credentials for some reason.
The dark web post offers sets of information by nation for varying prices, and these sets also vary greatly in size. The largest numbers of records, in the tens of millions, were stolen from several particular countries: Egypt, Italy, the United States, Saudi Arabia, France and Turkey. Numerous other nations have a stolen record count ranging from the high hundreds of thousands to the low millions.
The larger sets and those from more potentially lucrative regions command higher prices, ranging up to $7,000 for the set of US data. However, Check Point’s initial examination of these phone numbers leads the researchers to believe that at least some of the data may be from an older Facebook data leak from 2019, which was previously available on the dark web.