In November 2022, personal data from 500 million WhatsApp users was reportedly leaked and sold online. This included phone numbers from a large database of users across 84 countries, with a reported 32 million in the US and 11 million in the UK. At RealTyme, we’ve highlighted previously the issues and concerns surrounding the use of WhatsApp for both consumers and businesses. This latest data breach is another example of the vulnerabilities facing one of the most popular communication platforms globally.
As the platform was not built with privacy by design and instead more so for harvesting customer data, the issues with WhatsApp and other consumer communication apps are well-known and, unfortunately, not surprising.
The latest WhatsApp user data concerns are surrounding a huge database leak. Whilst many millions of users in the UK and USA were affected, the most user data leaked in this alleged breach is from users in Egypt (45 million) and Italy (35 million). These datasets of user personal information are being sold online for anyone who wants the information, including a charge of $7,000 for the US dataset and $2,500 for the UK.
According to Cyber News who contacted the ‘threat actor’ who posted online, they were sent a sample of this data which they then verified were real contact numbers for WhatsApp users. However, since the news was published, other outlets have pointed towards other sources of where this information may have originated. Meta (Facebook), who owns WhatsApp, has not directly commented on this speculation, and research company Check Point has also analysed the data allegedly leaked from WhatsApp. They’ve found it did contain 360 million phone numbers from 108 countries, however, they were not able to confirm if this data was directly from a WhatsApp data breach.
It could be that the data is a reshare of a previous breach from Facebook in 2019, where the company has since been fined $275 million by the Irish Regulator the Data Protection Commission. This is where the full names, phone numbers, dates of birth and locations of Facebook users were made available for free online.
Whilst the most recent alleged WhatsApp security breach may not turn out to be using new data leaked from WhatsApp, it highlights what happens once your data is breached. The alleged hacker has not detailed how this information was gathered but is publishing and selling the user data again and making headlines, increasing the potential for other issues. If users weren’t already worried about their personal information and data being sold online, then this latest data breach is another recurring example of why people should be concerned about platforms like WhatsApp. Sharing email addresses and personal information including pictures and financial information through WhatsApp and similar communication apps is a huge risk.
For those whose personal data is contained in these datasets, it’s a reminder of how easily information can be obtained once given to a third-party platform such as Facebook or WhatsApp. Once people have access to your personal data, it can lead to various issues such as identity theft, phishing attempts and even ransomware attacks in extreme cases.
Not only is this concerning for personal users, but also for businesses who choose to use consumer apps like Facebook Messenger and WhatsApp to collaborate and communicate sensitive information. It raises the threat of cyberattacks on employees and even clients if their details are shared online for malicious purposes.
Having data leaked when using a supposedly trustworthy platform is not only frustrating for users but potentially harmful. When using consumer built platforms, your personal information could be intercepted and sold online to other third parties who may have malicious intent. For organisations, there’s a need to take data privacy and protection seriously, otherwise, the fines for not doing so are hefty and the impact on your brand reputation can be much worse for your long-term future.
Why trade convenience and ‘free’ platform use with your data privacy and security? The risks of doing so can lead to extremely difficult circumstances that may leave your data vulnerable, and your company under the spotlight for being non-compliant. There’s a better way to avoid being involved in a data leak and that’s by only using trusted, and secured communications platforms. Here are some of the ways to ensure you can protect your data:
Encryption – having End-to-End Encryption (E2EE) at transit and rest ensures data is not intercepted during transfer and can only be decrypted at the destination by the intended recipient.
Strong Password Authentication – using two-step authentication on top of a strong password is recommended to provide an extra layer of security if your password is intercepted.
Secure Connection – using public wi-fi and other unsecured connections leaves your data vulnerable, so ensuring a secure connection and using a virtual private network (VPN) where possible provides added defence.
Protecting your data at all costs is crucial, and at RealTyme we make no compromises when it comes to this. When using a secure communications platform, users should receive true data sovereignty with full control over their data. This ensures privacy by design unlike many consumer-built apps that weren’t built for this purpose. Here are some of the features of the RealTyme platform that can help:
To discover why we are trusted by governments, enterprises, and business leaders, talk to sales today. We’ll be happy to provide a demo of our platform and how we can integrate with your existing software by requesting an invite.