Historical Black Friday With 500 Million User Data Up For Sale In WhatsApp Hack

Historical Black Friday With 500 Million User Data Up For Sale In WhatsApp Hack

Apart from banks and aviation companies, what other firm do you want to approach and ask, "what's the matter with you?!"

For me, one such company is WhatsApp.

Although WhatsApp isn't alone when it comes to security and privacy issues, its past is full of flaws and frauds that have plagued the company.

In fact, these days, a year is incomplete if WhatsApp doesn't get breached at least once.

In 2019, the breach saw over 1 billion users' data breached. 

Last year, a hacker offered the data on over 500 million Facebook members free online. 

And this year, it's 500 million private users' data available for sale. 

What happened

A day after Thanksgiving this year, the news of a WhatsApp data breach began circulating online. 

According to reports, 500 million user records were put up for sale by a hacker.

No alt text provided for this image

Cybernews

This private data was reportedly stored in a database from 2022, which includes users from 84 countries, including the United States, the United Kingdom, Russia, Egypt, Italy, and India.

According to the hacker who caused the attack, all numbers belonged to "active" WhatsApp users.

The stolen database included 32 million users in the United States and 11 million users in the United Kingdom. Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), Turkey (20 million), and Russia (10 million).

No alt text provided for this image

Cybernews

Data from each country was available for sale, with the US dataset going for $7,000, the British figures going for a comparable per-capita sum of $2,500, and Germany for $2000.

What was most troubling was that it wasn't just an empty threat aimed at the Meta-owned firm because about 2,000 numbers supplied with Cybernews in a sample request proved to be active WhatsApp users.

No alt text provided for this image

Cybernews

What It Means

I'm sure you've met people without social media accounts or email addresses.

But it's unlikely that you have met someone who doesn't have a phone number.

A malicious actor could sneak into your bank accounts, emails, and more. And with just your phone number and a little "social engineering," in which a hacker does not need technical competence, just the ability to convince a customer service staff that they are you.

Because we live in such modern times, simply having a phone number exposes your money and sensitive info to any random hacker.

It begins with obtaining your phone number and fabricating a believable explanation to your provider's customer service representative, who then gives them access to your account.

They have your number forwarded to the hacker's device.

Using your online bank account, the hacker tries to log in as you but hits 'forgot password' and changes the password by sending a code to your phone number, which has been redirected to theirs.

Then they're in your account, and you're out.

Here's a list of information hackers can acquire from hacking your phone number:

  • Email addresses and contact lists
  • Bank accounts and financial assets
  • Current and past residences
  • Passwords for social networking and other internet accounts
  • Social Security number (SSN)
  • Names and contact information for your family and friends
  • IP addresses (for both your phone and computer)
  • Medical records, professional licenses, and other identification documents

All sensitive data in the wrong hands could prove ruinous for you.

What Can You Do?

Given how dire this scenario is, what can you do to keep your private data private?

These are a few steps every individual should take to guard against data breaches.

Use a search engine that prioritizes privacy protection

No alt text provided for this image

Every year, Americans spend roughly 60 billion hours on Google

As a result, the personal preferences and information that the search engine learns about you and shares with third parties might jeopardize your privacy.

Newer privacy-focused search engines encrypt your search history, block website trackers, and do not track user data or locations. 

These search engines are free to use and are now available on mobile and desktop platforms.

Review and update privacy settings regularly

The Internet of Things has provided us with a wealth of useful technologies to simplify our lives. 

Unfortunately, most of this technology is also unsafe. 

Many are frequently installed with default settings, making it all too simple for hackers and cybercriminals to exploit security holes.

Most IoT devices that support updates will have two configuration options: Push mode and Pull mode. 

When you enable push mode, IoT devices will automatically update regularly. 

But with pull mode, you must manually update IoT devices whenever a new update becomes available.

Check the security settings on any IoT devices, and always use Push mode if available.

Use strong passwords & 2-factor authentication

No alt text provided for this image

You've undoubtedly heard this before: use strong, unique passwords for each account. 

Despite this, many people continue to use passwords that are very easy to guess and the same password for many accounts. 

Writing a lengthy-phrase you can remember is a simple approach to creating a strong password. 

This phrase, however, should not include any personal information.

For example, if your name is Fred and you're a banker, your password shouldn't be BankerFred34.

Using weak passwords or the same password(s) for several accounts allows hackers to easily steal your identity and access many of your private accounts. 

Furthermore, as of 2021, over 50% of Internet users continue to use the same password for all their accounts (both at home and work), making businesses face increased risks.

Set up free credit monitoring

Hackers can commit ID theft easily, thanks to today's modern technologies. 

They can obtain sensitive data and personal information from you in various ways. 

According to the Identity Theft Resource Center (ITRC), the first quarter of 2022 had 14% more reported data intrusions than the first quarter of 2021.

Setting up free credit monitoring alerts with a reputable credit bureau can help you keep ahead of cybercriminals or hackers attempting to commit fraud or identity theft in your name. 

What's more, if a breach is suspected or confirmed, you may immediately freeze your credit to prevent fraudsters who have gained your credit information from causing more significant harm.

No alt text provided for this image

ITRC

Frequently update your firmware and software

An insecure internet connection is another considerable privacy risk, though one that is easily mitigated. 

When using Wi-Fi at home, be sure your password is strong and secure.

Keep your router and firewall firmware up to date as well. You should also check that your computer and mobile devices are running the most recent software.

You can keep everything up to date by enabling automatic updates in your system choices. The position of your preferences will vary depending on your device. 

However, it is usually located under the devices 'Security' section.

These frequent updates often include critical security fixes to resist some of the most recent hacker efforts.

Summary

This is not to say that only the steps above are necessary for keeping your data safe. 

However, they are an excellent foundation for safeguarding your data from malicious actors.

Other measures include installing antivirus software and partnering with credible managed services providers to ensure optimal security at home and in the workplace.

If you want to read more blogs like this, or pieces on finance, venture capital, recruitment, and more, you can check out my other articles and connect with me to see immediately a new one drops.

To view or add a comment, sign in

More articles by Dennis Monner

Insights from the community

Others also viewed

Explore topics