Maria Irene
The unauthorised peddler introduced this vast database on a renowned hacking community forum, boasting that the numbers span 84 countries. The lineup allegedly includes an imposing 32 million US user records, 8.3 million Ausssie numbers along with significant caches from Egypt, Italy, Saudi Arabia, France, and Turkey. The offering also purports to include nearly 10 million Russian and 11 million UK citizens’ phone numbers.
A particularly disconcerting disclosure came when the threat actor unveiled their price tags to Cybernews, a cybersecurity news platform. Depending on the country, the dataset prices ranged from $2,000 for Germany to $7,000 for the US.
Data breaches of this magnitude present severe risks. Such information is prime fodder for cybercriminals engaging in smishing and vishing attacks. This calls for users to remain vigilant against unexpected calls and messages, particularly from unfamiliar numbers.
The method employed to assemble this database is still shrouded in mystery. The seller offered only an opaque hint, attributing it to “their strategy”, while asserting that all the numbers belonged to active WhatsApp users. There are speculations that the data could be the result of large-scale scraping, a process which starkly violates WhatsApp’s Terms of Service. The parent company, Meta, found itself in a storm of criticism earlier this year when over 533 million user records were leaked on a dark web forum. Shortly after, a data archive seemingly scraped from 500 million LinkedIn profiles emerged for sale on a hacker forum.
The repercussions of leaked phone numbers are wide-ranging, including misuse for marketing, phishing, impersonation, and fraud. Mantas Sasnauskas, the head of the Cybernews research team, warned, “In today’s world, our extensive digital footprint requires stringent protection measures from tech giants like Meta. It is incumbent on these companies to adopt robust measures to counter threats and inhibit platform abuse technically.”
As we grapple with this immense data breach, maintaining the security of our digital footprint is crucial. This episode serves as a stark reminder – it’s not merely a “WhatsApp Whirl”, but a glaring spotlight on the vulnerabilities inherent in our digital age.