500 million WhatsApp mobile numbers up for sale on the dark web

A database of 487 million WhatsApp users’ mobile numbers has been put up for sale on the Breached.vc hacking community forum. The data set contains information on WhatsApp users from more than 84 countries, the post shows. The story was first reported by Cybernews.

The seller of the leaked data is also offering it through the controversial messaging app Telegram, where the person or the group goes by handle “Palm Yunn.” On the hacking community forum, the user is listed as “Agency123456.” The seller claims the database is from 2022.

Meta-owned WhatsApp has more than 2 billion active users globally and is one of the most popular mobile messaging apps. If all the records in the purported data set of WhatsApp users on the Breached website are accurate, the data could impact nearly a fourth of all WhatsApp users.

A sample data set of 1,097 UK and 817 US users’ numbers were sent to Cybernews by the seller and the publication researchers confirmed the data was legitimate. The source of the data could not be ascertained, and WhatsApps said it has found no evidence of a breach.

“The claim written on Cybernews is based on unsubstantiated screenshots. There is no evidence of a ‘data leak’ from WhatsApp,” according to statement sent in email by a WhatsApp spokesperson.

WhatsApp data could lead to incidents of fraud

Cybersecurity experts, nevertheless, warn the exposed data could lead to incidents of fraud, smishing, and phishing. 

“The threat actors can use these mobile numbers for phishing campaigns. The mobile numbers if linked to bank accounts can lead to monetary fraud as well,” said Prashant Mali, a cybersecurity and privacy policy advocate.

The attackers can use leaked information for social engineering, agreed Anand Prakash, founder of PingSafe and a bug bounty hunter. However, Prakash pointed out that the leaked data  itself contains no sensitive information.

“I don’t think it is a very critical leak, where someone can read the messages or log in remotely on WhatsApp. The leak only discloses if a number is active on WhatsApp or not,” he said.

Prakash suspects that the leak could have been the result of some vulnerability being exploited or a third party that might have leaked the data.

Cybernews has provided a link where users can check if their number is a part of the leaked database or not. 

Records of 32 million US users available for $7,000

On the hacking community forum , the seller claims the database has 32 million records belonging to US WhatsApp users. In a conversation with Cybernews, the seller said they are willing to sell the US records to anyone who’s willing to shell out $7,000. 

The overall database also has records of 45 million users from Egypt, 34 million from Italy, 29 million from Saudi Arabia, 20 million from France, 10 million from Russia, 11 million from the UK, and 6 million users from India, the seller claimed. 

An advertisement was posted on the hacking forum on November 16 by the threat actors announcing the sale of the data.

While the US data set is being sold at $7,000, that of UK is being sold at $2,500 and Germany at $2,000, according to  the report. 

Social media users have been the target for hackers for a while now. Vulnerabilities on such platforms could impact millions or even billions of users worldwide. For instance, in October, about 1.5 billion Facebook users’ data was put up for sale on the dark web. The attackers had claimed the database contained names, email addresses, phone numbers, locations, gender, and IDs of the users. However, within days of being posted the offer disappeared from the forum. 

Similarly, in the same month, 500 million LinkedIn profiles were also put up for sale on a hacker forum. The sellers had also posted 2 million records leaked as a sample to prove the authenticity of the data. The leaked data included the full names of the users, email addresses, phone numbers, and workplace information. 

(This story has been updated with a response from WhatsApp.)