500 Million WhatsApp User’s Data for Sale on the Dark Web

A hacker has been behind a posted dataset on the dark web containing the personal information of around 500 million WhatsApp users back on November 16th. The post, uploaded to BeachForums, had the hacker attempting to sell up-to-date personal information of an estimated 487 million WhatsApp users spanning 84 countries.

CyberNews Report

The post stated that whoever bought the datasets would receive very recent mobile numbers of WhatsApp users. The leak was originally reported by CyberNews after they had investigated samples of the dataset provided by the hacker. CyberNews was able to verify the 1,914 numbers provided by the malicious actor were genuine WhatsApp contact numbers, concluding that the hacker’s claim certainly was valid.

According to the hacker, 32 million US users, 11 million UK users and 6 million German users were among the 487 million within the dataset. The going price for each of these datasets ranged between $7,000, $2,500 and $2,000 respectively.

There is no further information or clarification on exactly how such a large amount of user data had been collated, with the only statement about its origin being a ‘strategy’ that the hacker had developed to obtain such an amount. An investigation s still underway to find out what that strategy is.

Meta Under Fire

This development came just days following WhatsApp’s parent company, Meta faced a serious impact following allegedly firing employees as they broke Facebook’s terms of service by hacking into user accounts.

With this latest development, Meta was quick in full denial of the data leak, employing an unnamed spokesperson to reach out to multiple news and reporting sites that published or uncovered details of the leak on November 28. According to multiple sites and reports from those contacted by the Meta spokesperson, CyberNews’ article was based on unsubstantiated screenshots that provided no actual evidence of a data leak from WhatsApp or its parent company.

No Comment

WhatsApp has not commented on the incident or leak that has been alleged, with parent company Meta also not providing any official statement or update on the story. Meta has long been criticised for allowing third parties to scrape or harvest user data, with an archive containing data allegedly scraped from 500 million Linkedin profiles put up for sale just days after the big data leak on Facebook made headlines.

For more information on upcoming cybersecurity conferences and enterprise security, check out the upcoming events from Whitehall Media.