Just in time for the Holidays—500 Million WhatsApp users have their data sold on the Dark Web | MetaBlaze News
The perennial holiday season phishing campaigns are beginning to pick up. This year, however, attackers have gained some powerful ammo to add to their arsenal. The popular messaging app, WhatsApp, has purportedly exposed almost 500 million users' personal information. The stolen data, which includes WhatsApp users' names and phone numbers, is currently being sold on the dark web. This information will make impersonation, fraud, and spear phishing much easier for the bad actors who treat cybercrime as their day job.
On November 16th, 2022, an advertisement was published on a popular hacker forum. The ad claimed that the mobile numbers of 487 million WhatsApp users worldwide were up for sale. Per the seller who posted the ad, over 32 million mobile phone numbers were taken from WhatsApp users in the US.
Curious to confirm if the posting was legit, researchers from CyberNews.com contacted the seller through the advertisement. The prices described by the seller varied per country: $7,000 for the US dataset, $2,500 for the UK dataset, and $2,000 for the German dataset.
Upon the researcher's request, the seller provided a sampling of the stolen data. The sample included 1097 UK and 817 US user phone numbers. CyberNews confirmed that every phone number on this file coincided with a WhatsApp user account.
Even with this evidence made public by CyberNews, the massive data breach has yet to be confirmed by Meta (the company which owns WhatsApp, along with Facebook and Instagram). So far, the only public response from Meta is a quote provided to The Times of India, which states: "The claim written on CyberNews is based on unsubstantiated screenshots. There is no evidence of a 'data leak' from WhatsApp," The spokesperson also claimed that the listing of numbers currently up for sale is simply a random phone number dump, not one belonging solely to Whatsapp users.
Based on the research conducted on the 1,914 sample numbers provided to CyberNews, this dump does not seem as "random" as Meta would make it out to be.
The editor of the CyberNews article took to Twitter in response to the claims made by Meta's spokesperson. Stating that "There's no evidence WhatsApp has been hacked. The leak might be a scrape, but that doesn't mean it's any less dangerous for the affected users."
The "scrape" the CyberNews editor is referring to is a shady data exfiltration method known in the industry as "Web Scraping." Web Scraping on its own is not inherently illegal. It is simply the technique of using bots to retrieve all data of specific criteria from a targeted webpage. This data is then placed in an easy-to-read format, such as an excel spreadsheet, for review.
The somewhat moral purpose of Web Scraping is business acquisitions. Some companies will attempt to scrape the internet to compile information necessary for making business or investment choices.
Web Scraping becomes a crime if the scraped data is not considered publicly available. More commonly, however, Web Scraping is employed by bad actors attempting to retrieve non-public data in a non-intrusive manner. However, this leaves some gray area, as some will argue that if data was retrieved via Web Scraping, then that information was publicly available.
If confirmed that this information was gathered by Web Scraping, as opposed to hackers infiltrating the platform, a much larger discussion will stem from this situation. Why was user data so easily scraped from a platform as widely popular as WhatsApp? How will Meta address the rightful concerns of its user base about how the company is protecting the personal data they have been entrusted with?
The result remains the same regardless of how WhatsApp data leaked from the platform. Hundreds of millions worldwide have been primed as targets for spear phishing, impersonation, and general fraud due to this leak.
Going into the 2022 holiday season, all current and former WhatsApp users should be highly skeptical of all phone calls, texts, and emails from unknown contacts. This is a common recommendation you will find floating around every December, regardless of the circumstances. This year, however, it rings painfully true to any of the 487 million WhatsApp users whose information is being brokered on the Dark Web while you read this article. Stay safe, community!
About the author: CSO at MetaBlaze. Prior U.S. government asset and cybersecurity professional with over 15 years of experience. Aside from writing and content creation, the author is a penetration tester (ethical hacker), incident responder and security leader.