Our customers tell us we’re genuinely different to other IT companies.
Get in touch today to find out more.
Or call us today on 01225 426 800
In a recent hack, around 500 million WhatsApp users’ data has been compromised.
Although the platform uses end-to-end encryption, it appears that a hacker (or group of hackers) has used a highly sophisticated method to extract user information, including names and telephone numbers.
WhatsApp has more than 2 billion users worldwide, meaning this leak has exposed approximately one-quarter of their entire customer base with 11 million users in the UK affected.
Posting anonymously in a known hacker’s forum, it appears that the UK data list is up for sale for around $2,500.
With a quarter of WhatsApp’s users affected, it’s likely that your data has made it onto the list.
There are several possibilities as to how the data will be used.
Often, when a leak happens, the data will be sold and used in phishing scams. With the recent increase in seasonal/delivery phishing scams, this is the perfect opportunity for scammers to place a bid on data.
In addition to phishing scams, the data could be used to steal identities.
Living in a digital world means our identity and online accounts are often tied to our mobile number(s). Including our social media accounts and bank accounts.
Although a hacker can’t steal your identity with just your phone number, if they have other details from another breach, such as your name, email address and home address, they have a greater ability to do more damage.
Unfortunately, if your data is on the list of accounts breached, there’s no way to remove it. However, there are some steps you can take to protect yourself.
If your mobile number is linked to any of your online accounts, we recommend that you change your password immediately. This includes the Microsoft 365 account you use for work.
Related: How to choose a secure password
Passwords should be random and hard to guess. Therefore, you should avoid using easily guessable information, such as your name, DOB or pet’s name.
Related: The weakest passwords of all time
Once you’ve changed your password, we would also recommend enabling 2-Factor Authentication on your online accounts (if you haven’t already).
2-Factor Authentication provides an extra layer of security to your accounts as it requires you to enter your username, password and a code sent to you via SMS, telephone call or email.
If a hacker tries to gain access to an online account with 2-FA enabled, they will be unable to get any further than the login screen without having your unlocked mobile phone in their possession.
With the lead-up to Christmas underway, we have already seen an increase in seasonal delivery phishing scams.
It’s likely that the data from WhatsApp’s breach will be used in phishing attempts. Therefore, it’s important that you know how to spot a phishing scam.
Certain phishing scams are seasonally themed, for example, there is often an increase in phishing scams around Christmas time.
As an ESET Gold Partner with Cyber Essentials and Cyber Essentials Plus certifications, we take cybersecurity seriously.
Our cybersecurity services cover everything your business needs to remain safe online, including:
If you’d like to talk to one of our friendly experts about business cybersecurity solutions, don’t hesitate to get in touch.