The hacker said he is quitting crime and has dropped a dozen million WhatsApp user records for free. Cybernews researchers found millions of phone numbers and login credentials allegedly leaked.
A threat actor has dropped a post on a well-known hacker forum claiming to have millions of records allegedly belonging to WhatsApp users.
The listing includes over 3TB of data, and the attacker offered the enormous dataset with millions of phone numbers and logins to WhatsApp accounts for free.
Cybernews researchers have investigated the dumped dataset and can confirm that it contains multiple files listing phone numbers by location.
Among the exposed data are approximately 10 million Russian and 4 million Israeli phone numbers. However, no additional information was attached.
Researchers also discovered more files in the dataset. However, these files were protected by a password, and the hacker forgot to include it in the post, leaving the full dataset actually inaccessible.
The contents of the protected files remain unverified, but they may include additional personally identifiable information (PII), as the data sample provided by the attacker also includes users' full names, email addresses, and home addresses.
Some of the dropped files include WhatsApp account logins, putting users at risk of account takeovers.
Over 3TB of data leaked, but where is it coming from?
If the data is legitimate, the questions remain: how did the attacker compile this dataset? And does it indicate a data breach in WhatsApp’s systems?
Last year, researchers from the University of Vienna and SBA Research discovered a WhatsApp vulnerability that enables the extraction of more than 100 million phone numbers per hour, demonstrating that while users' private messages are end-to-end encrypted, their personal data can still be extracted in other ways.
“Typically, the kind of data present in the forum post would be collected through social engineering attacks,” the Cybernews research team explained.
“The user clicks on a link or scans a malicious QR code, fills out their info, and the info gets sent to the attacker, plain and simple. Also, such data could be collected with infostealers.”
The fact that among the dumped data are files containing logins supports the possibility that the data was gathered via phishing or infostealers.
Cybernews has reached out to WhatsApp for a comment.
WhatsApp users may suffer massive vishing attacks
So far, the data's legitimacy remains unverified. However, such a large dataset may pose significant security risks to WhatsApp users whose phone numbers and PII were exposed.
With such data in hand, attackers could mount massive vishing or smishing campaigns targeting affected WhatsApp users.
Curious what others think about this story? Contribute your thoughts to the debate below.
Attackers could call or text victims pretending to be representatives of various trusted organizations, including WhatsApp support.
The leaked data could also be used for identity profiling and later exploited in further attacks, identity theft, and fraud.
The hacker is hanging up their keyboard
The urge to quit is not just a corporate employee fantasy – cybercriminals like the idea too.
After bragging about having billions of WhatsApp records, the threat actor posted a note saying they’re quitting cybercrime.
“I also wanted to say goodbye, as this is my last message. As you may have noticed, my activity on these forums has decreased significantly lately, as I’ve decided to refocus on my personal life and true priorities,” the hacker wrote.
“I’ve greatly enjoyed the discussions and the time spent here, but it’s time for me to move on,” they added.
As a farewell, the threat actor dropped the alleged WhatsApp dataset for free. Normally, cybercriminals post stolen datasets on such forums, attaching a price tag and hoping to find interested buyers. But this wasn’t the case this time.
The attacker was quite active on an underground marketplace. Previously, they reposted data claiming to belong to the French ID agency’s ANTS database.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked