On Nov 25th, an anonymous source posted a message on a well-known hacking community forum, claiming to sell a 2022 database of 487 million WhatsApp user mobile numbers. The database reportedly contains WhatsApp user data in 84 countries, including 32 million Americans, 45 million Egyptians, 35 million Italians, 29 million Saudi Arabians, 20 million Frenchmen and 20 million Turks. The 2.9 million active users in Hong Kong were also included in the database. The US dataset sells for $7,000, with the UK and Germany datasets for $2,500 and $2,000 respectively. Such datasets are mainly used by cyber attackers for smishing, vishing, Internet fraud and attacks.
The seller also made a sample of data publicly available, and Cybernews researchers have confirmed all of them were real WhatsApp users. The seller provided no detailed information about how he/she obtained the database, but ensured that all the 487 million mobile numbers belonged to active WhatsApp users, somewhat different from the 2 billion active users per month officially claimed by the company. User data leakage of social media has always been widely criticized, with leading platform such as WhatsApp, Facebook and Twitter even selling user data to advertisers for profits. The user privacy protection is particularly worrying.