Unlike other messaging platforms, WhatsApp uses the phone number as a proxy for the username, associating it with the person’s online identity.
More difficult to change than a simple email address, the phone number can be valuable information for anyone interested in following a specific person online. In addition, there is a good chance that the number is also associated with other accounts on various online platforms, and a determined hacker could link the information to facilitate phishing attacks or gain access to those accounts.
According to a report on the CyberNews website, an ad posted in a hacking community is auctioning off a 2022 database containing no less than 487 million phone numbers of WhatsApp users. These numbers come from 84 countries, with only 32 million records coming from US users.
Given that WhatsApp has 2 billion users, it follows that about 1 in 4 users have their phone number included in the database released. Although no other personal/private information appears to have been leaked besides phone numbers, simply listing phone numbers exposes users to all sorts of scams, such as receiving spam calls or phishing attempts.
It is unclear how these numbers were obtained, but it is speculated that they were obtained through scraping, meaning that WhatsApp servers were not compromised. Unfortunately, apart from changing your phone number there aren’t many solutions to try, with security experts recommending vigilance when answering calls from unknown numbers, as there’s a possibility that a scammer is on the other end looking for victims. Another danger is incoming calls from premium rate numbers. Usually initiated from numbers registered in foreign countries, these attacks can result in the bill being charged simply by answering the incoming call.