360m Alleged WhatsApp Records Shared Freely on Telegram and Dark Web

In total, there are records belonging to alleged WhatsApp users from 108 countries.

Previously we covered the news of a database containing 487 million up-to-date WhatsApp user records from 84 countries being sold online on the hacking forum BreachForums which surfaced as an alternative to popular and now-seized Raidforums.

It is worth noting that, as reported by Hackread.com, it is the same forum where the personal details of 5.3 million Twitter users were recently leaked.

Now, Check Point Research (CPR) has published a report where they confirm seeing files available for sale on the Dark Web and Telegram groups containing 360 million phone numbers from 108 countries. 

Data seen by Check Point on the Dark Web

Each country had a different amount of mobile phone numbers present in the records and they range from 604 in Bosnia and Herzegovina to 35 million attributed to Italy. For the past four days, the files were set for sale but in a turn of events, they are now being distributed freely amongst hackers.

In its report, CPR also stated that it could not confirm whether these numbers really belonged to WhatsApp users or not. On the other hand, Hackread.com downloaded a file that the threat actors claimed contained 500 million WhatsApp numbers. This is what it looks like:

Data seen by Hackread.com on Telegram

Karol Paciorek, a cybersecurity researcher and expert from the computer security incident response team of the Polish financial sector (CSIRT KNF) wrote on Twitter on Tuesday that the leaked database was simply a re-use of an older 2019 Facebook breach.

He stated that the sample of the 5000 WhatsApp data records from Poland is identical to the one they saw in 2019. 

Keeping the current situation in mind, it is likely that vishing and smishing attacks will rise. They are both forms of phishing but instead of sending malicious links through email, threat actors dupe the victim into giving information over the phone (vishing) or through SMS (smishing). 

Certain measures that users should take to protect themselves from any such attacks include the following:

  • Do not click links that you are unable to verify due to link shortening and the inability to hover over links to see targets. Instead of clicking directly on the links in text messages, open the target site directly from the browser.
  • Do not install apps from any links sent through SMS. Instead, always use reputable app stores for downloading applications and ideally, also verify their authenticity from the creator’s website.

  • Smishing and vishing attacks can only harm you if you interact with them and give out information. Therefore, never provide any personal data to someone that you have not called or texted using the number shown on their website.
  • Always verify phone numbers to confirm that the caller belongs to a legitimate organization. Before providing any data or following any instructions, get the caller’s name and call them back using the official number from the company website. If the caller does not straightforwardly give his name and talks you out of it, it is likely to be a scam.
  • Never provide remote computer access to any individual claiming to help you in “removing malware” or fixing some other issue. Only trust the verified members of the IT department.
  1. 142M MGM Resorts Records Leaked on Telegram
  2. Ransomware Gang Leaks Medibank Data on Dark Web
  3. New credit card skimmers channel funds through Telegram
  4. Data of 21M SuperVPN, GeckoVPN users leaked on Telegram
  5. 8 Online Best Dark Web Search Engines for Tor Browser (2022)

Related Posts