Cybernews also reported the threat actor is selling the US dataset for US$7000 USD (NZ$11,000), the UK dataset for US$2500 (NZ$4000), and the German dataset for US$2000 (NZ$3200).
According to a statement sent by WhatsApp to the Times of India, the report was unsubstantiated.
“The claim written on Cybernews is based on unsubstantiated screenshots. There is no evidence of a ‘data leak’ from WhatsApp,” the spokesperson said.
Cybernews, however, claims there is no proof of a hack and the information was most likely “scraped” off the app.
Given that phone numbers may be exploited in scams or phishing attacks, this could potentially be risky for users.
CERT NZ told the Herald they were aware of the incident and don’t believe “it is a serious or imminent security threat to New Zealanders”.
“The information appears to be only mobile numbers, however, this can mean an increase in spam and phishing messages over WhatsApp and SMS, especially as we are heading into the busy Christmas season,” CERT NZ manager of incident response Jordan Heersping said.
Heersping advised this was a good opportunity to activate two-factor authentication on your WhatsApp account and other apps, so even if an attacker gets your password somehow, they cannot get into your account.
“We recommend all WhatsApp users in New Zealand to be vigilant for spam messages and links being sent to them from unknown sources,” Heersping said.
“This includes shopping offers or messages about deliveries.”
Those who receive suspicious SMS messages have been asked to forward them free of charge to 7726. Suspicious links can also be reported to CERT NZ to have them removed.
