WhatsApp Denies Claims of Data Leak of 500 Million Users

Popular messaging platform WhatsApp has denied claims of a data breach of 500 million users’ worldwide days after a news platform reported that the stolen information was being sold on the dark web.  

According to a report published by Cyber News on November 26, an unknown threat actor was able to hack into the messaging application and sell the stolen information on the dark web.  

Considered among the most secure messaging applications that offer end-to-end encryption for iOS and Android, reports of a possible breach of the application created quite a buzz among users.

The Meta-owned messaging platform caters to over 2 billion users worldwide and is ranked among the world’s most popular messengers. Moreover, the cross-platform integration also allows users to use the same application on different devices using a QR code.  

WhatsApp user information for sale 

According to the reports, the stolen data consists of information from over 500 million users, including users from 84 countries and 32 million from the USA. The alleged hacker is selling the information on a hacking community forum. The data also consists of users from countries like Turkey, France, Egypt, Italy, and Saudi Arabia. Within the data sets, the threat actor didn’t present any data from India — even though the nation has 487.5 million active users.  

Sources claim that the stolen data is being sold according to the countries. AS per reports, the WhatsApp data of US users is being sold at $7,000, while the UK and Germany databases are being sold at $2,500 and $2,000, respectively. 

On November 16, the threat actor advertised the databases of 487 million WhatsApp users, including their phone numbers. While the threat actor, who was selling the databases, didn’t reveal how they obtained the information, as per the report by Cyber News, they claimed to have “collected the data using their approach” adding that all of the numbers in the instance belong to active WhatsApp users. 

WhatsApp’s parent company, Meta, was approached by multiple security publications and media organizations, but the company did not respond instantly. According to Deccan Herald, the company denied the breach stating that there was no official report on the information being misused. “The claim written on Cybernews is based on unsubstantiated screenshots. There is no evidence of a ‘data leak’ from WhatsApp,” a WhatsApp Spokesperson told the news organization. Moreover, WhatsApp is yet to release an official statement addressing the issue. 

Though there is yet to be clarity on the breach, the leaked information may be detrimental to users, so it is advised to look out for active phishing campaigns because the mass data harvesting could be used to target multiple users and individuals using the content of the leaked data.