WhatsApp data leak has 500 million accounts’ info up for sale on dark web

Update: 

"The claim written on Cybernews is based on unsubstantiated screenshots. There is no evidence of a ‘data leak’ from WhatsApp." – a WhatsApp Spokesperson

Also pls note – On -background: the purported list is a set of phone numbers – and not “WhatsApp user information”

Additionally, the reporter of the Cybernews article has also tweeted that there's no evidence of a data hack/ leak on WhatsApp. Please refer below to her tweet:​

There's no evidence WhatsApp has been hacked. The leak might be a scrape but that doesn't mean it's any less dangerous for the affected users. https://t.co/7x9aDFaKQa

— Jurgita Lapienytė (@lapienyte) November 26, 2022

An investigation done by Cybernews has revealed that updated account data including phone numbers of about 500 million WhatsApp users has been leaked and put up on sale on a hacking forum. This leak had come to surface on November 16, when one of the hackers had put up a post on a hacking community forum, advertising the data breach.

The modus operandi of the hacker seems to be unclear at the moment. However, as per the claims made by Cybernews based on the data that was shared with them from the leak, has phone numbers of users that are actually a part of the active user pool of the platform which sits at two billion active users across the world. This means that 1/4th of the total user base of the platform is at risk.

More info about WhatsApp data leak

It was also found that the users whose data is included in the leak, are from 84 different nationalities. This includes countries like Australia, Belgium, and even the US. AT the time of writing, the most probable method used by the hackers to obtain the information seems to be data scraping, which has earlier been used to gather data of users from other social platforms.

While this practice is against Terms of Service of WhatsApp, which is the platform in question at the moment, experts from Cybernews have questioned the stance of Meta when it comes to providing protection against such moves by actors with malicious intent. “We should ask whether an added clause of 'scraping or platform abuse is not permitted in the Terms and Conditions' is enough. Threat actors don't care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint,” head of Cybernews research team Mantas Sasnauskas said.

There have been previous instances of such leaks, even on Meta’s own platforms like Facebook, which last year suffered a data leak of similar scale. This leaves us with questions about so many things. The most prominent of which remains, “Are they protective enough?”. Such questions are best left for experts to answer for now. All we can do is adopt the best practices that we can to prevent our data from being a part of such leaks and breaches. 

For more technology news, product reviews, sci-tech features and updates, keep reading Digit.in or head to our Google News page. 

Follow Us

Satvik Pandey

Satvik Pandey, is a self-professed Steve Jobs (not Apple) fanboy, a science & tech writer, and a sports addict. At Digit, he works as a Deputy Features Editor, and manages the daily functioning of the magazine. He also reviews audio-products (speakers, headphones, soundbars, etc.), smartwatches, projectors, and everything else that he can get his hands on. A media and communications graduate, Satvik is also an avid shutterbug, and when he's not working or gaming, he can be found fiddling with any camera he can get his hands on and helping produce videos – which means he spends an awful amount of time in our studio. His game of choice is Counter-Strike, and he's still attempting to turn pro. He can talk your ear off about the game, and we'd strongly advise you to steer clear of the topic unless you too are a CS junkie. View Full Profile