class="post-template-default single single-post postid-1490 single-format-standard wp-custom-logo wp-embed-responsive aft-default-mode aft-sticky-sidebar aft-hide-comment-count-in-list aft-hide-minutes-read-in-list aft-hide-date-author-in-list default-content-layout single-content-mode-default align-content-left">
October 1, 2023


Latest News Portal

WhatsApp denies breach that allegedly leaked nearly 500 mn phone numbers

3 min read

In a statement, a WhatsApp spokesperson said that the data breach report was “based on unsubstantiated screenshots,” and that the company had “no evidence of a ‘data leak’.”

“The claim written on Cybernews is based on unsubstantiated screenshots. There is no evidence of a ‘data leak’ from WhatsApp,” the spokesperson said.

On Saturday, CyberNews, a cyber security-focused publication, said that a threat actor was selling a database containing phone numbers of over 487 million users of WhatsApp. Of this, nearly 6.2 million phone numbers belonged to users located in India. The report, with screenshots of the alleged leaked phone numbers, did not clarify if the database also included names and other details of users who owned the said phone numbers.

Following the report, Jurgita Lapienytė, chief editor of CyberNews, tweeted that there was no evidence of a hack. “There’s no evidence WhatsApp has been hacked. The leak might be a scrape but that doesn’t mean it’s any less dangerous for the affected users,” she wrote.

Security experts said that even without an elaborate set of details, like names or other identification, leaked databases–if confirmed–are often purchased by cyber criminals, who subsequently use these phone numbers to initiate scams that may include phishing, identity theft and other related activities.

“Phone number harvesting is a very common practice today, and hackers often find clients such as telemarketers — who purchase such databases to sell their products. Even without a name attached to a number, such databases still find plenty of customers,” said Sandip Kumar Panda, founder and chief executive of Bengaluru-based cyber security firm, InstaSafe Technologies.

However, Panda added that with data breaches becoming commonplace, it is also important to authenticate the veracity of breach-related claims.

“Meta, as a publicly-listed global firm, is bound by compliance to disclose any data breach. Given that they have denied the breach so far, the alleged database is largely speculative, and we have not found any conclusive evidence regarding the leak being authentic,” he said.

To be sure, this was not the first time that a data breach of this proportion has been alleged against a Meta Platforms app. In April last year, a report by PTI claimed to have discovered a database that included phone numbers, names, social media IDs, locations, profile biographies and even email addresses of over 533 million users across 106 nations. Of this, at least 6 million users were allegedly based in India.

At the time, a Facebook spokesperson acknowledged the breach, and told PTI that the leaked data was “previously reported on” in 2019, which the company had fixed at the time.

In 2018, Meta (then Facebook) chief, Mark Zuckerberg, said in light of the Cambridge Analytica scandal that the company would restrict access to user data for third party apps — a factor that largely contributed to data of Facebook users being breached.

Three years since one of the biggest data collection and misinformation campaigns on the internet, Meta said on 8 October that it would inform one million users regarding their personal data being breached through over 400 malicious apps on Android and iOS devices which tapped Facebook’s database to connect users.

In September last year, the Irish Data Protection Commission had fined WhatsApp €225 million over alleged discrepancies on how the Meta-owned service handled personal information of users. Two months later, the company published a new privacy policy for its users in Europe, clarifying how the service collected and processed user data in the region.

However, WhatsApp stated at the time that the privacy policy update did not change the way its operations worked, including how user data was “processed, used or shared with anyone, including parent company Meta.”

Catch all the Technology News and Updates on Live Mint.
Download The Mint News App to get Daily Market Updates & Live Business News.


Leave a Reply

Your email address will not be published. Required fields are marked *