According to a report by Cybernews, the phone numbers of more than half a billion WhatsApp users have been leaked and put online for sale. The publication claims to have investigated a data sample after discovering a "well-known hacking community forum" post that claimed to be selling a database of 487 million users. To give readers an idea, 487 million makes up a quarter of WhatsApp's two billion monthly active users.
The leaked data contains the phone numbers of users, which could be used for scamming people. The database contains the details of 44 million users from Egypt, 35 million users from Italy, 32 million from the USA, 28 million from Saudi Arabia, and about 6 million users from India, among others countries. "The dataset for sale also allegedly has nearly 10 million Russian and over 11 million UK citizens' phone numbers," adds the report.
The threat actor told the publication that the United States' dataset is being sold for $7,000, and the United Kingdom's dataset is being sold for $2,500. More often than not, such a database is often used by bad actors for vishing attacks. Upon request, the threat actor shared a data sample with the publication, which confirmed that all the phone numbers were true of existing WhatsApp users.
This is not the first time a Meta-owned platform has seen a data breach. Before this, the data of millions of Facebook users was being sold in a dark web forum. The Microsoft-owned professional networking platform LinkedIn recently witnessed a massive data breach. Although it is very difficult to check whether a user's data has been leaked, they should avoid responding to calls, messages or emails from strangers, especially those that contain a link, as it could redirect them to a malicious website.