Whatsapp Hack Update: Personal Data From 10M Accounts Stolen
The vulnerability has now been fixed, but not before the attackers used an automated technique to move from account to account so they could steal the access tokens of users, their friends, friends of their friends, and so on, totalling about 100,000 people.
“The attackers used a portion of these 400,000 people’s lists of Whatsapp contacts to steal access tokens for about 30 million people. For 15 million people, attackers accessed two sets of information, name and contact details — phone number, email, or both, depending on what people had on their profiles,” Romns said.
For another 14 million people, the attack was potentially more damaging as the hackers accessed both their name and contact details as well as other details like username, gender, location, language, relationship status, religion, hometown, date of birth, device types used to access , education, work details, places they have recently “checked in” to as visiting, people or pages they follow and the 15 most recent searches.
For the remaining one million people whose Whtsapp access token were stolen, the attackers did not access any information, Rosen said.
He said users’ accounts have already been secured by the two weeks ago and they do not need to log out again or change their passwords.
The attack did not affect -owned Messenger, Messenger Kids, , WhatsApp, Oculus, Workplace, third-party apps, payments, Pages, and advertising or developer accounts, the company said.
Asserting that is still looking at other ways the hackers may have used the platform, Rosen said, “People’s credit card information would not have been visible to the attackers, as we do not display full credit card numbers — not even to the account holder.”
its confirm that whatsapp hacked using a rat
“We haven’t ruled out the possibility of smaller-scale, low-level access attempts during the time the vulnerability was exposed. Our investigation into that continues,” he said.
has been cooperating with the FBI, the US Federal Trade Commission, the Irish Data Protection Commission and other authorities.
“We don’t have a specific indication of the intention of the attackers. And as we have said, we are cooperating with the FBI in an active investigation. As part of the information that we will be sharing with users over the coming days, we will be including information as to how they can watch out for any suspicious e-mails or text messages or things of that sort,” Rosen said.