On November 28, 2022, information regarding a new WhatsApp breach appeared. The hacker offers a database with stolen data for sale since November 16. The offered pack contains the data of over 487 million users from up to 84 countries.
WhatsApp hacked with used data exposition
WhatsApp, one of the most popular messaging applications under the sun, was reportedly hacked a couple of weeks ago. The messenger offers end-to-end encryption, but the breach seems to rely upon the back-end issue. As the hacker assures, the information it leaked from WhatsApp contains the phone numbers of the messenger users. The forum post where the hacker offers the data it stole was posted on November 16, hence the exact breach happened around this date.
The leak includes the data of more than 487 million users from 84 countries. Among them are European, Middle Eastern, Asian, African countries, and both Americas. Cybercriminal offers to purchase the database partially, by country or region. It is not clear if someone can buy the entire leak, but the prices for parts show that it will not be cheap. For instance, the UK database is priced at $2500, same as Germany. Meanwhile, the price for the pack with US users will cost $7000. To try out the leak, hackers offer a test sample of ~1000 numbers from the list.
What is the danger of such a leak?
Phone number is an important identifier of a person, which allows performing phishing attacks and impersonation. Threat actors can use phone numbers to perform mass spamming through SMS, as well as robocalls. Alternatively, crooks may spam you through messengers, including the same WhatsApp. These messages are not dangerous themselves, but any interaction with this thing can end up with more intensive spam or, if you are not careful, losing your money or reputation.
The other side of that sad story is security questions about WhatsApp. Apparently, that’s not the first time WhatsApp gets hacked. All other Meta products – Facebook and Instagram – did not avoid this ill fame as well. Besides being vulnerable to hackers’ attacks, these apps are also famous for their data collection capabilities. Nothing else can track your activity and interests in such an intensive manner. Targeted ads there, however, have subpar quality, so it is questionable if there’s any useful motive for using these services.
How can I protect myself?
As you can see from the recent cases with WhatsApp, Facebook and other social media, you should help yourself on your own when you’re gonna get drowned. It is not clear how did the hack happen, but it is clear how you can decrease the number of your data hackers can reach.
- Don’t share personal information. Untargeted spam in social networks has become a usual thing, but in more sophisticated cases, crooks rely upon the details you share on your profile. The less information you post – the less convincing phishing can possibly crooks perform.
- Keep your eye on recent breaches. In some cases, not phone numbers, but usernames and passwords are exposed. If you witness the news which tells you about the possible breach, it is better to preventively change your credentials. This or another way, such a procedure greatly increases your security.
- Use anti-spam apps. Not all of the hacks are loud enough to become public as soon as they happen. Most of the time, hackers will be able to sell considerable amounts of data they stole on the Darknet. To preventively avoid the consequences of this, use programs that automatically detect and delete spam SMS. They usually work by comparing the sender’s number with a pre-composed database. However, be careful with these apps as well, since they can malfunction sometimes, or leak your info to a third party. Use only well-proven ones.