An unknown threat actor is trying to sell 487 million phone numbers on a hacking forum. They claim the numbers belong to active WhatsApp users and they aren’t older than 2022. This is potentially a massive security breach and could lead to identity theft, phishing, and other malicious activities.
WhatsApp and parent company Meta have yet to issue a statement on the matter, but users should be vigilant about their online security in light of this news.
Has Your Phone Number Been Exposed?
WhatsApp has more than 2 billion monthly users, so a dataset containing almost 500 million users’ phone numbers counts as a critical breach, especially after Meta’s recent streak of bad luck with Ducktail malware hijacking Facebook accounts.
The seller published a list of 84 countries, showing that they obtained numbers from more than 32 million users from the US, 35 million from Italy, 11 million from the UK, and 44 million from Egypt.
Cybernews contacted the threat actor claiming to sell the WhatsApp database and they agreed to share a sample containing almost 2000 US and UK phone numbers. The cybersecurity news agency confirmed that the numbers indeed belong to WhatsApp users.
We don’t yet know how the WhatsApp data was obtained and Meta didn’t release any official statements regarding the matter. Nonetheless, the risk exists as the phone numbers can be used in phishing attempts and other malicious activities.
How to Secure Your Data
Companies that collect data are always at risk of being breached or hacked. All it takes is an unsecured server, a distracted employee, or a convincing email with a phishing link. You can’t prevent big data corporations like Meta or even Google from being compromised by cybercriminals. But you can secure your accounts and protect your personal data.
Even if your phone number is somewhere in that list of 487 million numbers, you can still prevent yourself from being exposed to further hacking. Here are a few easy steps you can take:
- Change all your passwords. It sounds like a hassle, but it’s a necessary step. Create new, robust passwords for your WhatsApp account and other social media accounts.
- Don’t click on suspicious links. Cybercriminals use phone numbers for phishing attempts and online scams. Some day, you might receive a suspicious link out of the blue through WhatsApp. If it’s unsolicited and you don’t know the sender, ignore it and report the user.
- Connect to a VPN server. Use CyberGhost VPN to hide your IP address and limit data collection. We use 256-bit AES encryption and highly secure VPN protocols to keep your digital identity out of greedy hands.
- Stay vigilant. If the message you receive contains typos, an offer that sounds too good to be true or urges you to send information or money, ignore it. It’s likely a phishing scam.
It’s a scary time to be sure, but hopefully, now that you are informed, you can take steps to protect yourself and your data. Have you been affected by the hack? Let us know in the comments below.