WhatsApp leak: Nearly 500 million user data offered in underground forum (Nov. 2022)

Sicherheit (Pexels, allgemeine Nutzung)[German]On November 16, 2022, an unknown person offered a huge data set with approximately 487 million WhatsApp user data in an underground forum. The data set allegedly contains WhatsApp user data from 84 countries. The leak contains also mobile phone numbers of the WhatsApp users.


The Messenger service WhatsApp, which belongs to the Facebook group Meta, is said to have two billion users worldwide. Someone seems to have siphoned off a large amount of user data that they store in their profiles on WhatsApp. It is said to be a data stock that includes the year 2022.

WhatsApp data leak
Source: CyberNews

A total of around 487 million WhatsApp user data was offered in the underground forum on November 16, 2022. The screenshot above shows the amount of data for several countries. The site Cybernews has revealed some details about these datasets in this article (thanks to the reader for the tip).

WhatsApp data for sale

At the request of a security researcher cooperating with Cybernews, the seller of the WhatsApp database submitted a sample from the dataset, which included the phone numbers used for WhatsApp of 1097 UK and 817 US users. Cybernews claims to have verified all the numbers included in the sample. The editorial confirmed that all phone numbers from the sample problem belong to WhatsApp users.


The seller of the dataset did not disclose how he got the WhatsApp phone data. He only stated against Cybernews that he had used "his strategy" to pull the WhatsApp data. According to the seller's information, all phone numbers should belong to active WhatsApp users. Cybernews published in the article a list of all countries along with the number of records from which WhatsApp data was siphoned.

There has been no response yet to Cybernews' inquiry to Meta regarding this data leak. Cybernews' editorial team speculates that the siphoned WhatsApp user data was collected by scraping via an API. Although this violates WhatsApp's terms of use, it is used again and again for such purposes. This is not particularly convenient for Meta, because in 2021 a hacker published phone numbers of 533 million Facebook users (see Hacker publiziert 533 Millionen Telefonnummern von Facebook-Nutzern).

Phone numbers published in data leaks can be misused for phishing, fraud, attacks via WhatsApp or even (depending on the country) for telemarketing. The case shows once again how vulnerable the digital society has become. This is because WhatsApp gets access to the stored contacts via the app.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *