Binance CEO Changpeng Zhao has warned users of an upcoming wave of phishing scams as hackers are selling up-to-date mobile phone numbers of nearly 500 million WhatsApp users.
In a Sunday tweet, Zhao, who goes by the name CZ on Twitter, said over 487 million WhatsApp phone numbers are for sale on the Dark Web. He claimed that the numbers are legit and that users might be prepared for receiving phishing links and scam messages.
“A new set of 487 million WhatsApp phone numbers for sales in the Dark Web. A sample indicates the phone numbers are legit. Please stay vigilant as threat actors downstream will use this data to conduct smishing (phishing messages) campaigns,” he said.
According to a report by Cybernews, a hacker posted the numbers on a well-known hacking community forum on November 16, claiming that they were an up-to-date database of 487 million WhatsApp user mobile numbers.
The dataset reportedly contains WhatsApp user numbers from 84 countries. The largest chunk of phone numbers belongs to the citizens of Egypt (45 million), Italy (35 million), the US (32 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million).
The threat actor allegedly told Cybernews that they were selling the US dataset for $7,000, the UK for $2,500, and Germany for $2,000. The media also claimed the seller shared a sample of data with them, and they were able to confirm the validity of the numbers.
WhatsApp is reported to have more than 2 billion monthly active users globally. The messaging app is ranked among the most popular mobile messenger apps in the world.
Massive WhatsApp Data Leak
While the hacker did not specify how they obtained the database, suggesting they “used their strategy” to collect the data, Cybernews speculated the information could have been obtained by harvesting information at scale, also known as scraping.
Scraping is the use of an automated tool for gathering and harvesting information at scale for any unpermitted purpose, according to WhatsApp. Scrapers may attempt to search for and save users’ information including phone numbers, user profile pictures, and statuses from the WhatsApp platform.
Notably, this is not the only massive data leak related to WhatsApp or other Meta companies. Back in April 2021, personal information on 533 million Facebook users worldwide reemerged on a hacker website.
Experts have long criticized Meta for letting third parties to scrape or collect user data.