In mid of November, a cyber threat actor claimed on a dark web forum to have stolen the personal credentials of around 500 million WhatsApp users. Following the incident, Check Point Research (CPR) published a new advisory in which they analyzed the leaked files including 360 million phone numbers from 108 countries.
However, data coming from each country show a different ratio of exposed data, ranging from 604 in Bosnia and Herzegovina to 35 million attributed to Italy.
Additionally, in the initial days of the hack, the hackers set files for sale which included international dial codes, however, now the same data is being distributed free of cost amongst hackers.
The hack first was exposed on 16th November in a message published by the cyber threat actor on the hacking forum named BreachForums.
"While the information on sale does not expose the content of any messages themselves, it is still worrying to see such a large volume of phone numbers for sale on the Dark Web. There is the potential that this information could be used as part of tailored phishing attacks in the future,” Deryck Mitchelson, field CISO of EMEA at CPR said.
Once the threat actors get the access to phone numbers of users and then sell the same, attacks such as smishing or vishing are likely to follow.
“The WhatsApp ‘leak’ is nothing more than phone numbers obtained from the Facebook ‘leak’ that took place in 2019. The sample of 5000 WhatsApp data records from Poland is identical to those we already saw in 2019,” Paciorek claimed.
According to the technical data, Smishing (phishing via SMS) and Vishing (phishing via voicemail) attacks have been observed excessively in the past few years, and it is highly likely these types of attacks will increase.
Often these texts come from your bank, asking you to grant personal or financial information including your account or ATM number. Users must remain wary of such texts that appear to be from suspected sources.
