article featured image


On November 16th an unknown threat actor announced that he was selling a database of almost 500 million mobile phone numbers belonging to WhatsApp users.

The sales ad was found on a notorious hacking community forum and claimed it had fresh data, not older than 2022, from millions of people around the globe. Right now, the free instant messaging app is estimated to have more than two billion users in over 180 countries.

Could Your Data Be on the List?

Have a look at the list of countries affected by data spillage and see if you also find yours. According to the cybercriminals that put it on sale, the illegitimate database contains phone numbers from 487 million people living in Egypt, the USA, the UK, Italy, France, Turkey, Russia, the Czech Republic, Chile, etc.

The list goes on to up to 84 countries from all around the world.

Are the Phone Numbers Valid?

The threat actors did not reveal in which way they collected the data but stated that all the numbers came from active WhatsApp users.

Cybersecurity researchers asked the threat actors to prove the quality of their merchandise with a sample of data, so they can verify if the ad was telling the truth. The seller came up with a sample of the data which contained, according to Cybernews, 1097 UK and 817 US valid user numbers.

Why and How Did the Threat Actors Attack

Meta was often criticized for permitting third parties to scrape or collect user data, and even had 533 million user records leaked on hacking forums in the past. They can’t know for sure right now, but cybersecurity researchers suspect that the information

could be obtained by harvesting information at scale, also known as scraping, which violates WhatsApp’s Terms of Service.


The phone numbers of the 487 million WhatsApp users could end up being used for malicious acts like phishing, impersonation, or fraud. Gaining access to such an amount of data is a jackpot for cybercriminals operating vishing and smishing campaigns, for example.

With so much at risk, cybersecurity researchers think Meta and other tech giants should be more committed to protecting their users’ data:

We should ask whether an added clause of scraping or platform abuse is not permitted in the Terms and Conditions is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.


If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

Leave a Reply

Your email address will not be published. Required fields are marked *