It was reported recently that a database containing nearly 500 million WhatsApp phone numbers was put on sale on a hacking community forum. Meta, the company which owns WhatsApp, has denied the allegations and insisted there was no evidence of a recent data breach.
A Meta spokesperson told SCMP that the report by Cybernews was speculative and based on “unsubstantiated screenshots”. The person said Meta took allegations about security breaches of its services very seriously and had taken immediate steps to further look into the claims made. The person added that while the phone numbers may be associated with WhatsApp accounts, they didn’t include other user information.
Without elaborating further, the Meta spokesperson said they have no information about how the list of phone numbers was collected. They added that there are many ways that such a list could have been compiled.
As reported by CyberNews, a database of 487 million WhatsApp user is being sold online which include over 44.82 million users in Egypt, 32.3 million users in the United States, 11.67 million from Malaysia, 3 million from Singapore and 130,331 from Indonesia. From the looks of it, this information appears to come from a previous data leak involving 500 million Facebook users which were reported last year.
If you refer to the list of the alleged Facebook data breach in 2021 above, it also lists the same number of users per country including 44.82 million Egypt users, 11.67 million Malaysian users and 130,331 Indonesian users.
Responding on the matter, Facebook said back then that the data was previously reported in 2019 and they patched the vulnerability in August of the same year. The company even issued a press statement saying that its systems were not hacked but the data was obtained by scraping using its contact importer tool prior to September 2019. It added that scraping is a common tactic that uses automated software to lift public information from the internet which then can be compiled and sold in online forums.
Facebook said scraping data using features that were meant to help people violates their terms and they have teams to detect and stop these behaviours. Although they have “addressed” the issue, the company admits that they can’t always prevent data sets like these from recirculating online. It advises users to perform regular privacy checkups to ensure their settings are correct including restricting certain information on their profile and enabling two-factor authentication (2FA).
[ SOURCE ]