Cybernews has recently reported of an alleged Whatsapp data leak. Meta owned Whatsapp, currently has around 2 billion users and a list of just shy of 500 million harvested records with users from 84 countries, is (allegedly) being sold on on the dark web.
32 million of the numbers are purported to be from US users, 10 million Russian numbers, and 11 million claimed to be UK numbers.
The list is said to have been amassed using various techniques, and has been advertised for sale in a dark web forum complete or broken down into regional lists. Some examples demonstrated were US data $7,000 / £5,771, US data $2,000 / £2,061, and German data $2,000 / £1,648 (conversions to £GBP approximate based on xe.com).
A representative from Meta has described the alleged leak as “purely speculative”, and only based on a number of “un substantiated screen” shots.
Cyber Threat Monday?
This could turn out to be a hoax, but if the leak is legitimate, news of this leak is worrying. It comes at a time of year where people’s guards may be down and due to Black Friday, Cyber Monday offers ahead of the festive season. Shoppers could fall for fake deals, or may be expecting parcel deliveries from couriers and fraudulent messages from scammers could catch people out.
Phishing, smishing and vishing activities often increase around this time of year, from threat actors preying on people in the hope they will click on their links to steal credentials, or spread malware and ransomware.
Whether looking this from a personal or business perspective, it highlights that cyber crime is on the up and there is always someone looking to take advantage of others. It is essential that people know how to be more safe and secure on line and how to identify when something may not be right. Talking about this sort of thing with colleagues, family and friends can help raise awareness. With the amount of people posting on social media lately that accounts have been cloned or compromised you can see how big a problem this is. Not just inconvenient, there could well be something more sinister going on.
With many people accessing company systems on lesser protected BYOD smart devices and computers, it can unwittingly create back doors into businesses who may be the real target, with customer data being stolen or data being locked and ransom demands made to unlock it.
If using Whatsapp web/desktop, users could potentially click on something in a chat that email protection and firewalls could normally spot. If clicking on something nefarious on the mobile app, it could potentially provide access to your entire phone, logging keystrokes and maybe even 2FA methods for other applications.
Be Safe – Not Sorry
Are you or your teams able to spot something out of the ordinary?
Do you provide regular training on what to look out for?
Would they know what to do if they do click on something they perhaps should not?
Talk to us at HM Network. We can help in a number of ways including structures video based training platforms to up skill staff (teach them how to identify phishing by running simulations for example), and endpoint protection.
If you are concerned about the security of your network, or suspect you may have malware in any of your systems, we have various “how to” guides and options to scan, run reports, quarantine and remediate threats if required.
For more information please get in touch via our contact page.