WhatsApp security flaw lets experts scrape 3.5 billion user numbers


WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints.

The researchers were able to gather huge amounts of phone numbers, public profile photos, account status text, business tags, and information tied to end-to-end encryption keys.

Read more…
Source: TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Victims Lose Access to Thousands of Photos as Instagram Hack Spreads

    August 14, 2018

    In a probable quest to build a botnet, someone is hacking Instagram accounts, deleting handles, avatars and personal details, and linking them to a new email address. An Instagram hack is spreading across the internet, with increasing numbers of victims finding their accounts hijacked and personal details altered — and account recovery so far impossible. Read more… Source: ...

  • Health Care Data of 2 Million People in Mexico Exposed Online

    August 7, 2018

    A MongoDB database was exposed online that contained health care information for 2 million patients in Mexico. This data included information such as the person’s full name, gender, date of birth, insurance information, disability status, and home address. The database was discovered by security researcher Bob Diachenko via Shodan, which is a search engine for all Internet connected devices and not just web ...

  • Salesforce.com Warns Marketing Customers of Data Leakage SNAFU

    August 3, 2018

    Potentially impacted customers include organizations like Aldo, Dunkin Donuts, GE, HauteLook, Nestle Waters, News Corp Australia and Sony. Cloud behemoth Salesforce.com is warning customers about an API error that may have leaked data for some users of its Marketing Cloud offering. The issue was in play between June 4 to July 18, according to an alert that ...

  • Singapore’s Largest Healthcare Group Hacked, 1.5 Million Patient Records Stolen

    July 20, 2018

    Singapore’s largest healthcare group, SingHealth, has suffered a massive data breach that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018. SingHealth is the largest healthcare group in Singapore with 2 tertiary hospitals, 5 national specialty , and eight polyclinics. According to an advisory released by Singapore’s Ministry ...

  • Thousands of U.S. Voter Personal Records Leaked by Robocall Firm

    July 18, 2018

    The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company. Researchers have discovered yet another misconfigured repository bucket – this time leaking the information of U.S. voters. The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company called Robocent. Kromtech Security researchers, ...

  • Timehop breach hits 21 million users due to a lack of 2FA on cloud services

    July 9, 2018

    Timehop, a service that surfaces a user’s past social media content, has revealed a security breach that hit the company on July 4, and resulted in a database of 21 million users hit. As a result, the company has voided all social media authorisation tokens it held, and is alerting its users. Around 4.7 million phone numbers were breached, ...