hometechnology NewsAnother cybersecurity firm alleges WhatsApp data leak after denial by messaging app

Another cybersecurity firm alleges WhatsApp data leak after denial by messaging app

Another cybersecurity firm alleges WhatsApp data leak after denial by messaging app
Read Time4 Min(s) Read
Profile image

By Pihu Yadav  Dec 5, 2022 12:27:36 PM IST (Published)

Cybersecurity firm Check Point Research (CPR) has come out with a report which backs Cybernews' claim that millions of phone numbers were leaked from WhatsApp and are now being shared on the dark web.

A week back Cybernews claimed that the personal data of around 500 million people were breached on Whatsapp and the same was available for sale on the dark web. WhatsApp refuted this calling the report based on "unsubstantiated screenshots". Now, cybersecurity firm Check Point Research (CPR) has come out with a report which backs the Cybernews claim broadly.

Recommended Articles

View All

CPR says its analysis has revealed that the leak contains 360 million phone numbers of WhatsApp users from 108 countries.
“Each country has different records that have been exposed, ranging from 604 in Bosnia and Herzegovina to 35 million attributed to Italy. In the past four days the files, which included international dial codes and were for the first set for sale, are now being distributed freely amongst hackers,” the company said in a statement.
According to CPR, the news about these files being sold on the dark web was first exposed on November 16 in a message published by the hacker on the hacking forum BreachForums, claiming to be selling the up-to-date personal information of 487 million WhatsApp users from 84 countries.
Phishing, Vishing and Smishing expected to rise amid data breach
Once cybercriminals have access to phone numbers that are then sold on, attacks such as vishing or smishing are likely to follow. Vishing is a social engineering attack where a victim is duped into giving information over the phone, while smishing is conducted through SMS.
With millions of records available to buy, it is highly likely these types of attacks will increase. It is also possible that hackers could access other online services using the phone number, which may have more damaging consequences.
CPR has found an increase in phishing attacks around the holiday season, with a 17 percent rise in malicious emails during Black Friday and Cyber Monday. This year, Amazon Prime Day also saw an 86 percent increase in Amazon-related phishing emails.
Top principles to follow in order to remain safe
Avoid Clicking Links: Links in text messages are difficult to verify due to link shortening and the inability to hover over links to see targets. Instead of clicking on links in text messages, browse directly to the target site.
Install Apps from app stores: Smishing attacks may be designed to trick recipients into installing malicious apps on their mobile devices. Always install apps from reputable app stores, ideally after verifying their authenticity on the creator’s website.
Do not Provide Data: Smishing attacks are commonly designed to steal sensitive data from their targets under the guise of verifying identities or other pretexts. Never provide personal data to someone that you have not called or texted via a number listed on their website.
Always Verify Phone Numbers: Vishers will call while pretending to be from a legitimate organization. Before giving any personal data or doing anything that the attacker says, get the caller’s name and call them back using the official number from the company website. If the caller tries to talk you out of doing so, it is probably a scam.
Never Provide Remote Computer Access: Vishers may request remote access to your computer to “remove malware” or fix another issue. Never provide access to your computer to anyone except verified members of the IT department.
Deploy Email Security Solutions: Modern email filtering solutions can protect against malware and other malicious payloads in email messages. Solutions can detect emails that contain malicious links, attachments, spam content, and language that could suggest a phishing attack. Email security solutions automatically block and quarantine suspicious emails and use sandboxing technology to “detonate” emails to check if they contain malicious code.
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
View All

Most Read

Market Movers

View All
Top GainersTop Losers