- A forum user claims that the phone numbers of 487 million WhatsApp users from 84 different countries are for sale.
- Among leaked countries, Egypt, Italy, and the USA have the highest number of phone numbers stolen from WhatsApp’s database.
- Cybersecurity experts are warning users about possible phishing attacks that can target these users soon.
Someone created a post titled “487 million WhatsApp users database” on a popular forum among hackers to sell one of the biggest databases we have ever seen. The hacker claims that the database includes 487 million Whatsapp users’ phone numbers from 2022. The forum user didn’t specify a price for the database but instead shared a Telegram link to contact. Online news sources claim that the hacker is asking for different amounts of money for each country’s dataset.
With almost 500 million users’ information, it is one of the biggest datasets ever sold on a hacker forum. WhatsApp currently has approximately 2 billion monthly active users. Thus around 25% of its user base’s information is being sold if the allegations are true. Various users claimed that they tried the phone numbers shared as a sample, 1097 from the U.K. and 817 from the U.S. and they belonged to real active WhatsApp users.
The threat actors didn’t disclose how they obtained the information but they claim that all the phone numbers are from 2022. Meta, the parent company of WhatsApp and Facebook, didn’t make an official announcement yet about the incident. Considering the size of the database, it could be a result of data scraping, which means harvesting huge amounts of information, which is also against WhatsApp’s Terms of Service. The seller also provided a list of the number of datasets belonging to countries:
- Egypt: 44,823,547
- Italy: 35677,323
- USA: 32,315,282
- Saudi Arabia: 28,804,686
- France: 19,848,559
- Turkey: 19,638,821
- Morocco: 18,939,198
- Colombia: 17,957,908
- Iraq: 17,116,398
- Africa: 14,323,766
The experts also warned users to be careful against different forms of phishing attacks, such as smishing and vishing. This kind of leaked information is generally used in phishing attacks to steal user credentials.