Loading...

WhatsApp denies breach that allegedly leaked nearly 500mn phone numbers

WhatsApp denies breach that allegedly leaked nearly 500mn phone numbers
Photo Credit: Pixabay
Loading...

Meta-owned instant messaging service, WhatsApp, has denied the report of an alleged data breach of the service — that was said to have leaked phone numbers of nearly 500 million users from around the world, including India. In a statement, a WhatsApp spokesperson said that the data breach report was “based on unsubstantiated screenshots,” and that the company had “no evidence of a ‘data leak’.”

“The claim written on Cybernews is based on unsubstantiated screenshots. There is no evidence of a ‘data leak’ from WhatsApp,” the spokesperson said. 

On Saturday, CyberNews — a cyber security-focused publication — published a report stating that a threat actor was selling a database containing phone numbers of over 487 million users of WhatsApp. Of this, nearly 6.2 million phone numbers belonged to users located in India. Screenshots of the alleged database containing these breached phone numbers did not clarify if the database also included the names and any other details of the users who owned the respective phone numbers.

Loading...

Following the report, Jurgita Lapienytė, the chief editor of CyberNews, also tweeted that there was no evidence of a hack. “There's no evidence WhatsApp has been hacked. The leak might be a scrape but that doesn't mean it's any less dangerous for the affected users,” she wrote.

Security experts stated that even without an elaborate set of details, like names or other identification, leaked databases — if confirmed — are often purchased by cyber criminals, who subsequently use these phone numbers to initiate scams that may include phishing, identity theft and other related activities.

“Phone number harvesting is a very common practice today, and hackers often find clients such as telemarketers — who purchase such databases to sell their products. Even without a name attached to a number, such databases still find plenty of customers,” said Sandip Kumar Panda, founder and chief executive of Bengaluru-based cyber security firm, InstaSafe Technologies.

Loading...

However, Panda added that with data breaches becoming commonplace, it is also important to authenticate the veracity of breach-related claims.

“Meta, as a publicly-listed global firm, is bound by compliance to disclose any data breach. Given that they have denied the breach so far, the alleged database is largely speculative, and we have not found any conclusive evidence regarding the leak being authentic,” he said.

To be sure, this was not the first time that a data breach of this proportion has been alleged against a Meta Platforms app. In April last year, a report by PTI claimed to have discovered a database that included phone numbers, names, social media IDs, locations, profile biographies and even email addresses of over 533 million users across 106 nations. Of this, at least 6 million users were allegedly based in India.

Loading...

At the time, a Facebook spokesperson acknowledged the breach, and told PTI that the leaked data was “previously reported on” in 2019 — which the company fixed at the time.

In 2018, Meta (then Facebook) chief, Mark Zuckerberg, said in light of the Cambridge Analytica scandal that the company would restrict access to user data for third party apps — a factor that largely contributed to data of Facebook users being breached.

Three years since one of the biggest data collection and misinformation campaigns on the internet, Meta said on October 8 that it would inform 1 million users regarding their personal data being breached through over 400 malicious apps on Android and iOS devices — which tapped Facebook’s database to connect users.

Loading...

In September last year, the Irish Data Protection Commission also fined WhatsApp €225 million over alleged discrepancies on how the Meta-owned service handled personal information of users. Two months later, the company published a new privacy policy for its users in Europe, clarifying how the service collected and processed user data in the region.

However, WhatsApp stated at the time that the privacy policy update did not change the way its operations worked — including how user data was “processed, used or shared with anyone, including parent company Meta.”


Sign up for Newsletter

Select your Newsletter frequency