Whilst some are calling this a ‘data breach’ and using other sensational headlines, we’ll refer to it as a reality that amounts to nothing more than standard data parsing from WhatsApp.
We’d like to point out straight away that this reminded us of a story from last year, where a group of researchers also managed to compile a complete list of numbers registered on WhatsApp.
Link to article
.
Unfortunately, as we can see, the lack of a rate limit is still present. We carried out similar tests to see how the web version of WhatsApp behaves when searching for numbers, and we can confirm that, with little effort, a 200-line code in NodeJS is capable of collecting: a photo, a phone number, and how a person has described themselves.
This leak occurred on one of the hacker forums by a user going by the nickname ‘NormalLeVrai’; in his post, he also stated that he was ending his hacking career and ‘moving on to more important offline matters’.
This leak did not affect WhatsApp’s servers or users’ conversations in any way; it merely opened up more opportunities for spammers and other services to send advertising via WhatsApp.
The leak also contains other data that is either password-protected or appears to be log files from stealer. The hacker failed to provide the password for the archives, so a full investigation is not possible.