WhatsApp Exposes 3.5 Billion Phone Numbers Due to Enumeration Vulnerability

Potentially Historic Massive Data Leak

Austrian researchers have revealed a mass enumeration vulnerability in WhatsApp that allowed the extraction of 3.5 billion user phone numbers. This finding highlights a security flaw in the app’s “contact discovery” feature, which, lacking strict rate limiting, allowed researchers to scrape a large portion of WhatsApp’s user base. The researchers’ method relies on how WhatsApp makes it easy to add contacts: when you enter a phone number, the platform instantly checks whether that number is registered and often displays the profile photo and associated name. By repeating this process billions of times using the browser-based WhatsApp app, researchers were able to collect phone numbers of almost all WhatsApp users in the world. ...

November 21, 2025 · Comfidentia

HackOnChat: WhatsApp Hacking Fraud Explained

CTM360 has identified a rapidly expanding WhatsApp account hacking campaign, internally called HackOnChat. This campaign uses a network of deceptive authentication portals and phishing pages to target users around the world. Attackers exploit WhatsApp’s familiar web interface and employ social engineering tactics to trick users into compromising their accounts. CTM360’s research revealed thousands of malicious URLs hosted on low-cost domains and generated quickly by modern website building platforms, allowing attackers to deploy new pages at scale. A notable increase in incidents has been observed in recent weeks, especially in the Middle East and Asia. ...

November 20, 2025 · Comfidentia