Jamaica was included among the 84 nations impacted by a data leak from the Meta-owned instant-messaging application WhatsApp that compromised an estimated 400,000 local telephone numbers. The data leak was announced online by Cybernews, an online security publication via Twitter. Cybernews had obtained screenshots allegedly in evidence of the data leak. In all, the WhatsApp data leak exposed the phone numbers and other personal information of its users in 84 countries, placing nearly one-quarter of the messaging platform’s estimated 2 billion active monthly users at risk.
Reports on November 16, 2022, revealed that an ad was posted on a popular hacking community forum, attempting to sell a 2022 database of 487 million mobile phone numbers belonging to WhatsApp users, including millions of users in the United States, United Kingdom, Russia, Egypt, Italy, Saudi Arabia, France, and Turkey, in addition to Jamaica. Some 385,890 Jamaican records were included in the data breach. The threat actor who was attempting the sale posted an asking price of $7,000 for the US dataset, $2,500 for the UK dataset, and $2,000 for the dataset from Germany.
While the seller did not disclose how the database was obtained, it was suggested that they “used their strategy” to collect it. The seller told Cybernews that all of the numbers belonged to active users of WhatsApp. When asked about the situation by Cybernews Meta did not offer an immediate response. A spokesperson from WhatsApp did say that the Cybernews claim was based on “unsubstantiated” screenshots and that there was no evidence of a data leak from the application.
It has been speculated by industry observers that the information on the users could have been harvested at scale in a process known as scraping. Scraping is in violation of WhatsApp terms of service. Meta has been criticized previously for allowing third parties to collect user data. WhatsApp’s parent firm has seen more than 533 million records of users leaked in a forum on the “dark web.” Leaked telephone numbers may be used for phishing, impersonation, fraud, or marketing purposes.
Photo – Deposit Photos