QCOSTARICA – ESET, a leading proactive threat detection company, has analyzed the offer for sale, on a well-known hacking forum, of an alleged database containing 487 million WhatsApp user numbers from 84 different countries, 1.4 million of them from Costa Rica.
The published WhatsApp numbers allegedly include users from Egypt, Italy, Saudi Arabia, France, Turkey, and the United States.
From Latin America, the database claims to have 1,464,002 numbers from Costa Rica, 2,347,553 from Argentina, 2,595,209 from Bolivia, 8,064,916 from Brazil, more than 17,957,908 from Colombia, 6,889,083 from Chile, 13,330,561 from Mexico, and 1,509,317 from Uruguay.

The forum post includes a Telegram account that interested buyers can contact. As revealed by Cybernews (WhatsApp data leaked – 500 million user records for sale online), which brought the forum post to light, researchers analyzed a sample they received and confirmed that the entries are phone numbers associated with active WhatsApp accounts.
“WhatsApp numbers can be used by malicious actors to distribute hoaxes or to launch phishing attacks that seek to steal WhatsApp accounts, among other actions,” says Camilo Gutiérrez Amaya, head of the ESET Latin America Research Laboratory. “In recent times we have seen cases where scammers tried to steal the verification code to steal WhatsApp accounts using excuses such as a fake WhatsApp support message, appointment for vaccinations or even through messages that suddenly arrive from unknown numbers requesting the unused six-digit code.
“When the six-digit code is delivered, cybercriminals take control of WhatsApp accounts and contact the victim’s contacts to deceive them and request an emergency or unforeseen transfer. Unfortunately, many people fall into the trap and send money to criminals, not knowing that their contacts had their accounts stolen,” adds the specialist.
For his part, a spokesman for Meta, the company that owns WhatsApp, denied that it was a leak, since there is no evidence that Meta has suffered a leak in its systems. Meta also says that it is aware of the post made on the forum and that the numbers put up for sale do not contain additional information about the people.

According to the post made on the hacking forum, the threat actor claims that the data was collected through scraping. Web scraping is the use of tools that extract and/or collect data from websites in order to build a database.
In the past, there have been several cases of published databases containing personal information that was collected through scraping. For example, data from 1.5 billion Facebook users was put up for sale, as was data from 500 million LinkedIn users.
ESET recommends that users be aware of the possibility of receiving messages from unknown numbers and block them at the slightest suspicion.