WhatsApp data leak: 500 million user records for sale

Someone is allegedly selling up-to-date mobile phone numbers of nearly 500 million WhatsApp users. A data sample investigated by Cybernews likely confirms this to be true.

On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers.

The dataset allegedly contains WhatsApp user data from 84 countries. Threat actor claims there are over 32 million US user records included.

Another huge chunk of phone numbers belongs to the citizens of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million).

The dataset for sale also allegedly has nearly 10 million Russian and over 11 million UK citizens' phone numbers.

The threat actor told Cybernews they were selling the US dataset for $7,000, the UK – $2,500, and Germany – $2,000.

Such information is mostly used by attackers for smishing and vishing attacks, so we recommend users to remain wary of any calls from unknown numbers, unsolicited calls and messages.

Meta itself, long criticized for letting third parties scrape or collect user data, saw over 533 million user records leaked on a dark forum. The actor was sharing the dataset practically for free.
Days after a massive Facebook data leak made the headlines, an archive containing data purportedly scraped from 500 million LinkedIn profiles had been put for sale on a popular hacker forum.
Leaked phone numbers could be used for marketing purposes, phishing, impersonation, and fraud.
“In this age, we all leave a sizeable digital footprint – and tech giants like Meta should take all precautions and means to safeguard that data,” head of Cybernews research team Mantas Sasnauskas said. “We should ask whether an added clause of 'scraping or platform abuse is not permitted in the Terms and Conditions' is enough. Threat actors don't care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.”
To prevent consequences of personal data leaks, such as phishing or malware attacks, regular users should adopt common cybersecurity measures. This includes a reliable antivirus that blocks various cyberthreats, such as TotalAV. And for online privacy, consider looking at the the best VPNs for WhatsApp on the market that encrypt your data. For instance, we recommend NordVPN.