A threat actor – cybercriminal acting alone or with a racket – reportedly stole and put up for sale active mobile phone numbers of nearly 500 million WhatsApp users, among which over 3.8 million are Bangladeshis, claims a report from research-based online publication Cybernews.
The Cybernews report published on Saturday reveals that on November 16, a post selling the information in the form of a database was put up on a well-known hacker forum, claiming that the 2022 database contained 487 million WhatsApp user mobile numbers from 84 nations.
This stolen database contains phone numbers of over 32 million US customers and over 11.5 million UK subscribers. However, it appears that the breach most heavily impacted Egyptian users, with approximately 45 million people possibly at risk.
The report claims that 38,16,339 WhatsApp users from Bangladesh could be at risk.
All of the numbers, according to the threat actor responsible for the attack, belong to WhatsApp users who appear to be active.
Additionally, the threat actor claims to be in possession of over 35 million Italian user phone numbers, close to 10 million Russian user numbers, and over 6 million Indian user phone numbers.
Upon request, the seller of WhatsApp’s database shared a sample of data with Cybernews researchers, who then investigated and found the number included in the sample were in fact, WhatsApp users.
The seller did not specify how they obtained the database. This information could be used for smishing and vishing attacks. Cybernews reached out to WhatsApp’s parent company, Meta, but received no immediate response.