The phone numbers of nearly 500 million WhatsApp users have been put up for sale online, in one of the biggest data breaches ever. According to a report, an individual posted an ad on a hacking community forum claiming to sell a 2022 database of 487 million mobile numbers of WhatsApp users.
The database contains mobile numbers of WhatsApp users from 84 different countries, including the US, UK, Egypt, Italy, Saudi Arabia, and even India. Attackers mostly use this kind of information to initiate attacks. It is, therefore, advisable for WhatsApp users to refrain from answering calls and messages from unknown numbers.
Data Pack Of WhatsApp On Sale
The hacker claims that the data set contains more than 32 million user records in the US. Similarly, 45 million users are affected in Egypt, 35 million in Italy, 29 million in Saudi Arabia, 20 million in France and 20 million in Turkey. The database is said to contain almost 10 million phone numbers of Russian citizens and over 11 million phone numbers of UK citizens. The report claims that the threat actor is selling the US dataset for $7,000 (approximately ₹5,71,690), while the UK and Germany datasets cost $2,500 (approximately ₹2,04,175) and $2,000 (approximately ₹1,63,340), respectively.
WhatsApp’s Frequent Data Breaches
WhatsApp, a messaging platform owned by Meta, is one of the most popular messaging apps in the world. It is estimated that over a billion people use the app, sending over 65 billion messages a day. So it’s no surprise that security issues, malware threats, and spam have started to appear on the platform. Here’s everything you need to know about the most common WhatsApp security issues and scams.
1. WhatsApp Web Malware
For years, WhatsApp has allowed you to open a webpage or download a desktop app, scan a code with the app on your phone, and use WhatsApp on your computer. The app stores on phones – the App Store for iOS and the Google Play Store for Android – are regulated more closely than the internet as a whole. When you look for WhatsApp in these stores, it’s generally clear which app is official. This does not apply to the wider Internet. Criminals, hackers, and fraudsters have all taken advantage of this. There have been cases where attackers have passed off malicious software as WhatsApp desktop apps.
If you’re unlucky enough to download one of these files, the installation can spread malware or otherwise compromise your computer. Others have tried a different approach and created phishing websites to trick you into handing over personal information. Some apps pretend to be WhatsApp Web and ask for your phone number. They then use this number to bombard you with spam or correlate it with other leaked or hacked data on the internet.
2. Unencrypted Backups
End-to-end encryption prevents your messages from being intercepted in transit, even by Meta itself. In addition to cloud backup, there is also a local backup on your device. On Android, you can back up the app’s data to Google Drive. If you’re using an iPhone, your backup destination is iCloud. These backups contain decrypted messages from your device.
A backup file stored on iCloud or Google Drive is not necessarily encrypted. Because this file contains decrypted versions of all your messages, it is theoretically vulnerable and undermines WhatsApp’s end-to-end encryption. Because you have no choice in the backup location, you are at the mercy of cloud providers to keep your data safe. Although no large-scale hacks have yet affected iCloud or Google Drive, that doesn’t mean it’s not possible. One of the supposed benefits of encryption, for better or worse, is the ability to prevent the government and law enforcement from accessing your data.
Since the unencrypted backup is stored with one of two US-based cloud storage providers, all it would take is permission, and the government could have unrestricted access to your messages. Fortunately, WhatsApp has updated its service to include end-to-end encrypted chat backups. However, this setting is disabled by default. Go to Settings > Chats > Chat backup > End-to-end encrypted backup and select On to secure your WhatsApp backups. You will need to create a password to protect your backups. However, remember that if you forget your password, you won’t be able to access your backups – WhatsApp can’t restore them for you.
3. Data Sharing With Facebook
Facebook, now Meta, has mostly been criticized for its policies. One of these complaints is the company’s effective monopoly on the market and anti-competitive behavior. Regulators try to minimize anti-competitive behavior by evaluating any takeover attempts. So in 2014, when Meta decided it wanted to add WhatsApp to the “Meta Family,” the European Union (EU) approved the deal only after Meta assured it that the two companies’ data would be kept separate.
Despite assuring users that their data would not be publicly available on Facebook, Meta would instead store it in a hidden Facebook profile that you cannot access. In the following years, Meta made changes to facilitate this data sharing.
WhatsApp was implicated in the widespread violence that occurred in India in 2017 and 2018. Messages containing details of fabricated child abductions were forwarded and spread across the platform, tailored to local information. These messages were widely shared among people on the networks and resulted in the lynching of those accused of these fake crimes. In Brazil, WhatsApp was the primary source of fake news during the 2018 election. Because this kind of misinformation spreads so easily, businessmen in Brazil set up companies to create disinformation campaigns against candidates, enabled by the fact that the app is used for both business and personal communication.
Both issues continued into 2018, an infamously terrible year for Meta. Digital misinformation is a difficult problem to tackle, but many have found WhatsApp’s response to these events to be apathetic.
4. WhatsApp Status
For many years, the WhatsApp status feature, a short line of text, was the only way to broadcast what you were doing at the time. This turned into WhatsApp Status, a clone of the popular Instagram Stories feature. Instagram is a platform that is designed to be public, although you can set your profile to private if you prefer. So you can assume that WhatsApp status sharing is also private.
Despite this simplicity, the application does not make it clear whether your blocked contacts can view your status. However, the company has done the smart thing and your blocked contacts cannot see your status regardless of your privacy settings. As with Instagram Stories, all videos and photos added to your status will disappear after 24 hours. Despite the transient nature of Status, be aware that anyone who can view your updates can save a copy without your knowledge.
The application doesn’t have a built-in feature to save status updates, but anyone can do it by taking a screenshot, uploading the screen, using WhatsApp status saver apps, and more. At the time of writing, WhatsApp doesn’t let you know if someone saves your update, so be careful not to share anything sensitive.
More often than not, massive data sets posted online are obtained through scraping, which violates WhatsApp’s terms of service. Although the seller did not specify how he obtained the database, he said he “used his strategy” to collect the data.
Is WhatsApp Safe To Use?
This isn’t the first time Meta and its platforms have hit the headlines for a data breach. Last year, information about more than 500 million Facebook users was offered online for free. The leaked data then contained phone numbers and other details.
WhatsApp is a confusing platform. On the one hand, the company has implemented end-to-end encryption in one of the most popular applications in the world, which is a definite security advantage. However, there are many security issues with WhatsApp. One of the main problems is that it is owned by Meta and suffers from many of the same privacy dangers and disinformation campaigns as its parent company.
Edited by Prakriti Arora