KUALA LUMPUR, Nov 28 — Several sources report that an ad posted on a well-known hacking community forum claims to sell a 2022 database of 487 million WhatsApp user mobile numbers, of which 11 million are Malaysian numbers.

Besides Malaysia, the leak includes accounts from 84 countries. According to the source, countries with the highest number of hacked accounts are Egypt with 44,823,547, Italy with 35,677,323, and the US with 32,315,282. Malaysia has the 12th highest number with 11,675,894.

This is an unsettling number of users affected by the WhatsApp leak. Attackers can use the information for phishing attacks, and WhatsApp has around two billion monthly active users worldwide.

Upon request, the seller of WhatsApp’s database shared a sample of data with Cybernews researchers, who first reported the leak. As a sample, the seller shared 1097 UK and 817 US user numbers. Upon further investigation, the numbers included in the sample were confirmed to belong to WhatsApp users.

The seller, however, did not specify how they obtained the database. But quite often, massive data dumps posted online turn out to be obtained by scraping — which violates WhatsApp’s Terms of Service.

“In this age, we all leave a sizeable digital footprint — and tech giants like Meta should take all precautions and means to safeguard that data... We should ask whether an added clause of ‘scraping or platform abuse is not permitted in the Terms and Conditions’ is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint,” said the Head of Cybernews research team Mantas Sasnauskas.

Cybernews reached out to WhatsApp’s parent company, Meta, but received no immediate response. For now, it’s recommended to remain wary of calls from unknown numbers and of unsolicited calls and messages. Don’t click or open any suspicious links, and enable two-step verification to further secure your WhatsApp account if you haven’t done so. — SoyaCincau
