Over the weekend, a report by CyberNews alleged that a cyber attacker is selling of millions of WhatsApp user data from around the world. WhatsApp quickly responded with a statement to Deccan Herald denying any security breaches and assuring users that there was no evidence of the data being stolen from its systems.
Meanwhile, a WhatsApp spokesperson talked to WION and said the data leak is based on “unsubstantiated screenshots.”
According to CyberNews, a threat actor (revealed by other reports as going by the name of AllDataSource) advertised a data set containing 487 million users’ data, which included 6 million Indian contacts, 4 million Indonesian contacts, and 3 million contacts from Singapore.
There are 84 countries reportedly affected, with the US having 32 million user records, Russia 9 million, England 11 million, and Brunei 200,000. Interestingly, the data sets for the US cost $7,000, $2,500 for the UK data sets, and $2,000 for Germany data sets.
Validity of the data leak
Alfons Tanujaya, a cyber security supervisor from Vaksincom, talked to Tempo on Sunday stating that the hacker offered sample data that seemed to be valid. According to Alfons, perpetrators usually obtain data through SMS phishing and voice phishing, both of which use links to encourage victims to click, while they are unaware of the malicious intent.
Shortly after releasing the report, Jurgita Lapienytė, Chief Editor of CyberNews, tweeted: “There’s no evidence WhatsApp has been hacked. The leak might be a scrape but that doesn’t mean it’s any less dangerous for the affected users.”
A scrape generally refers to the act of collecting data from a website without the consent of its owner. Although it’s not as serious as an actual hack, it can still lead to the compromise of user information and be used for malicious purposes.
WhatsApp: A hot target
WhatsApp, a subsidiary of Meta (which owns Facebook), is considered to be one of the world’s most secure messaging services. According to Business of Apps, WhatsApp has over 2 billion users worldwide and India is the app’s largest market. As of 2021, it generated $8.7 billion in revenue, almost all from their WhatsApp Business app.
In the US, SEC recently fined various banks, including JPMorgan Chase & Co and Bank of America, for a total of over $1 billion due to employees’ use of unapproved messaging tools, which includes WhatsApp.
The Indian government is seeking to pass a law that would regulate messaging apps like WhatsApp, Telegram and Signal due to security concerns. The country’s Department of Telecommunications (DoT) believes that there is a need for lawful interception of these applications due to their great potential for misuse.