WhatsApp data leak: beware of these 3 dangers

WhatsApp data leak: beware of these 3 dangers

The more recent WhatsApp attackin which the data of more than 500 million people were sold online, as we learned at the beginning of the week.

The case is still under investigation, with various agencies investigating the details and the platform of the Meta group.

Among these cybersecurity agencies, we now collect the testimony of Rui Duro Country manager of Check Point Software in Portugal.

The executive comments on the most recent attack on the WhatsApp platform, where it is said that there are more than 500 million contacts for sale on the Internet.

Up to 500 million WhatsApp contacts may have ended up on the Internet


First of all, this attack again evokes the need to protect ourselves and take preventive measures so that we can protect our data. Given the growing importance of platforms like WhatsApp, their security and integrity can never be taken for granted.

1. The danger of revealing WhatsApp numbers for sale

This non-compliance can have numerous consequences of varying severity.

First of all, the personal data of the affected users was compromised, from their names, telephone numbers, email addresses, etc.

This is information that, as a consequence, can give the cybercriminal access to steal many other important data, such as bank accounts.

This type of leak is very dangerous, since, in addition to stealing personal data from WhatsApp users, it can lead to attacks on other companies and companies through this data.

Another consequence is that a phishing campaign is carried out on the victims whose phone number was revealed. Ultimately, the account can even be stolen in order to sell it later.

2. It can lead to smishing and vishing campaigns

Once cybercriminals have phone numbers and other means of contact and sell them, attacks like vishing or smshing have the potential to multiply on a large scale.

As for vishing, it must be taken into account that these threats are made through calls to company employees and the acquisition of so many phones through this attack will facilitate its increase.

The same happens with smshing, since the same data is needed to carry out this type of attack.

Both are very dangerous as they can gain access to company data through them and they can also trick an employee into carrying out a financial heist.

Also, these types of attacks increase on shopping dates such as Black Friday and Cyber ​​​​Monday, Christmas and Amazon Prime Day. This year, Amazon Prime Day saw an 86% increase in Amazon-related phishing emails, according to a to study from the agency itself.

3. It can lead to account theft

A new set of 487 million WhatsApp phone numbers for sales on the Dark Web. A sample indicates that the phone numbers are legitimate. Be aware that subsequent threat actors will use this data to conduct smishing campaigns (phishing messages). Stay SAFU. 🇧🇷 pic.twitter.com/ZuDVXlzz4F

— CZ 🔶 Binance (@cz_binance) November 27, 2022

After all, the more data a cybercriminal has on you, the easier it is to hijack accounts. Especially if we have the same password on several different platforms or applications.

If the credentials of one of them are stolen and we have the same in the others, the cybercriminal can steal data and the entire account on all websites if he wishes. This is because you can access them without any problem.

For this reason, it is essential to have a different password for each of the services we have on the Internet, sometimes it may seem uncomfortable to remember them all, but if we select a good password manager it can make our task much easier.

On the other hand, it is important to implement double authentication in all services, since in this way, if someone tries to access from another point, they will be blocked and we can avoid the attack.

#WhatsApp #data leak: 500 million user records for sale. the #threat said the actor @CyberNews they were selling the #U.S #data set for $7,000, the #UK – $2,500, and #Germany – $2,000. Check if your country has been affected. Read more: https://t.co/YT8CwV2cLo#cyber security #infosec pic.twitter.com/ZsfakpLC3A

—CyberNews (@CyberNews) November 26, 2022


Please enter your comment!
Please enter your name here