Home / Technology / News /  WhatsApp denies breach that allegedly leaked nearly 500 mn phone numbers
Back

WhatsApp denies breach that allegedly leaked nearly 500 mn phone numbers

In September last year, the Irish Data Protection Commission had fined WhatsApp €225 million over alleged discrepancies on how the Meta-owned service handled personal information of users.Premium
In September last year, the Irish Data Protection Commission had fined WhatsApp €225 million over alleged discrepancies on how the Meta-owned service handled personal information of users.

  • On Saturday, CyberNews, a cyber security-focused publication, said that a threat actor was selling a database containing phone numbers of over 487 million users of WhatsApp. Of this, nearly 6.2 million phone numbers belonged to users located in India

NEW DELHI: Meta-owned instant messaging service, WhatsApp, has denied an alleged data breach that was said to have leaked phone numbers of nearly 500 million users from around the world, including India. 

In a statement, a WhatsApp spokesperson said that the data breach report was “based on unsubstantiated screenshots," and that the company had “no evidence of a ‘data leak’."

“The claim written on Cybernews is based on unsubstantiated screenshots. There is no evidence of a ‘data leak’ from WhatsApp," the spokesperson said.

On Saturday, CyberNews, a cyber security-focused publication, said that a threat actor was selling a database containing phone numbers of over 487 million users of WhatsApp. Of this, nearly 6.2 million phone numbers belonged to users located in India. The report, with screenshots of the alleged leaked phone numbers, did not clarify if the database also included names and other details of users who owned the said phone numbers.

Following the report, Jurgita Lapienytė, chief editor of CyberNews, tweeted that there was no evidence of a hack. “There’s no evidence WhatsApp has been hacked. The leak might be a scrape but that doesn’t mean it’s any less dangerous for the affected users," she wrote.

Security experts said that even without an elaborate set of details, like names or other identification, leaked databases--if confirmed--are often purchased by cyber criminals, who subsequently use these phone numbers to initiate scams that may include phishing, identity theft and other related activities.

“Phone number harvesting is a very common practice today, and hackers often find clients such as telemarketers — who purchase such databases to sell their products. Even without a name attached to a number, such databases still find plenty of customers," said Sandip Kumar Panda, founder and chief executive of Bengaluru-based cyber security firm, InstaSafe Technologies.

However, Panda added that with data breaches becoming commonplace, it is also important to authenticate the veracity of breach-related claims.

“Meta, as a publicly-listed global firm, is bound by compliance to disclose any data breach. Given that they have denied the breach so far, the alleged database is largely speculative, and we have not found any conclusive evidence regarding the leak being authentic," he said.

To be sure, this was not the first time that a data breach of this proportion has been alleged against a Meta Platforms app. In April last year, a report by PTI claimed to have discovered a database that included phone numbers, names, social media IDs, locations, profile biographies and even email addresses of over 533 million users across 106 nations. Of this, at least 6 million users were allegedly based in India.

At the time, a Facebook spokesperson acknowledged the breach, and told PTI that the leaked data was “previously reported on" in 2019, which the company had fixed at the time.

In 2018, Meta (then Facebook) chief, Mark Zuckerberg, said in light of the Cambridge Analytica scandal that the company would restrict access to user data for third party apps — a factor that largely contributed to data of Facebook users being breached.

Three years since one of the biggest data collection and misinformation campaigns on the internet, Meta said on 8 October that it would inform one million users regarding their personal data being breached through over 400 malicious apps on Android and iOS devices which tapped Facebook’s database to connect users.

In September last year, the Irish Data Protection Commission had fined WhatsApp €225 million over alleged discrepancies on how the Meta-owned service handled personal information of users. Two months later, the company published a new privacy policy for its users in Europe, clarifying how the service collected and processed user data in the region.

However, WhatsApp stated at the time that the privacy policy update did not change the way its operations worked, including how user data was “processed, used or shared with anyone, including parent company Meta."

ABOUT THE AUTHOR

Shouvik Das

Shouvik Das is a science, space and technology reporter for Mint and TechCircle. In his previous stints, he worked at publications such as CNN-News18 and Outlook Business. He has also reported on consumer technology and the automobile sector.
Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
More Less

Recommended For You

Trending Stocks

×
Get alerts on WhatsApp
Set Preferences My ReadsWatchlistFeedbackRedeem a Gift CardLogout