WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints.
The researchers were able to gather huge amounts of phone numbers, public profile photos, account status text, business tags, and information tied to end-to-end encryption keys.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features
January 17, 2018
Researchers have identified a powerful new Android malware strain called Skygofree capable of eavesdropping on WhatsApp messages, siphoning private data off phones and allowing adversaries to open reverse shell modules on targeted devices, giving attackers ultimate remote control. Researchers said the malware was developed three years ago and has evolved significantly since then to include 48 ...
- LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials
January 16, 2018
Canadian authorities have arrested and charged an Ontario man for operating a website that collected ‘stolen’ personal identity records and credentials from some three billion online accounts and sold them for profit. According to the Royal Canadian Mounted Police (RCMP), the 27-year-old Jordan Evan Bloom of Thornhill is the person behind the notorious LeakedSource.com—a major repository that compiled public ...
- Nissan Finance Canada Suffers Data Breach — Notifies 1.13 Million Customers
December 21, 2017
It’s the last month of this year, but possibly not the last data breach report. Nissan warns of a possible data breach of personal information on its customers who financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada. Although the company says it does not know precisely how many customers were affected by the ...
- No hack needed: Anonymisation beaten with a dash of SQL
December 18, 2017
Governments should not release anonymised data that refers to individuals, because re-identification is inevitable. That’s the conclusion from Melbourne University’s Dr Chris Culnane, Dr Benjamin Rubinstein and Dr Vanessa Teague, who have shown that the Medicare data the Australian government briefly published last year can be re-identified – trivially. Read more… Source: The Register
- Uber says data breach compromised 380K users in Singapore
December 16, 2017
Uber says an estimated 380,000 users in Singapore were impacted by the 2016 data breach that compromised 58 million accounts globally, but finds no incidents of fraud related to the attack. The ride-sharing operator posted a statement on its website Friday with the update, noting that the figure was “an approximation rather than an accurate and ...
- Collection of 1.4 Billion Plain-Text Leaked Passwords Found Circulating Online
December 11, 2017
Hackers always first go for the weakest link to quickly gain access to your online accounts. Online users habit of reusing the same password across multiple services gives hackers opportunity to use the credentials gathered from a data breach to break into their other online accounts. Researchers from security firm 4iQ have now discovered a new collective database on ...

