WhatsApp defends itself against 'data leak' allegations made by media report

WhatsApp has clarified that it has seen no evidence of a “data leak” on its systems after a Cybernews report said the mobile numbers of nearly 500 million WhatsApp users were exposed, including three million from Hong Kong.

This comes as a Cybernews report claimed on 26 November that a user of a renowned hacking community forum posted an ad saying he was selling a 2022 database of 487 million WhatsApp user mobile numbers. The dataset was said to be containing the user information from 84 countries, including 32 million from the US, 45 million from Egypt, three million from Singapore, 12 million from Malaysia, 2.9 million from Hong Kong and 670K from China.

The US dataset was sold for $7,000, the UK – $2,500, and Germany – $2,000, according to the report. However, the sellers did not specify how they acquired the database, claiming that some strategies were used to collect the data.

Soon after the report was released, a spokesperson from Meta released a statement claiming that the allegations in the report are speculative and based on unsubstantiated screenshots.

The spokesperson also clarified that Meta has seen no evidence of a “data leak” on WhatsApp systems, “We would reiterate that we have seen no evidence of a data leak on WhatsApp systems. We would also note that the article purports to describe a list of phone numbers, some of which may be associated with WhatsApp accounts, and no other WhatsApp user information,” the statement read.

The spokesperson also said Meta has no information about how the supposed list of phone numbers was collected or the extent to which they contain Hong Kong phone numbers. “There are many ways a list of phone numbers, without WhatsApp user data, could be compiled, and we are not in a position to speculate how this may have happened,” said the spokesperson. 

“We take allegations about the security of our service very seriously and, out of an abundance of caution, we have taken immediate steps to further look into the claims made in the articles. We appreciate your understanding that those checks take time, and will provide updates if and as we have more to share,” the statement added.

Furthermore, Meta also advised WhatsApp users to block and report suspicious messages, and never click on links or share personal details with strangers.

On the other hand, The Office of the Privacy Commissioner for Personal Data on 25 November said it had not received any notifications from Meta or WhatsApp about the alleged data leak. It had reached out to the organisations for details. "If WhatsApp users suspected that their personal information had been compromised, they could contact the company or the office for inquiries", it added.

Related articles:

FactWire apologises for data leak as newsletter subscriber info exposed
Harbour Plaza Hotel data breach sees 1.2m customer data leaked
Shangri-La's hotels face cyber attacks affecting 290,000 consumers