1. Home
  2. Massive breach at WhatsApp puts 1.5 bn users at risk

Massive breach at WhatsApp puts 1.5 bn users at risk

Agencies
May 14, 2019

San Francisco, May 14: Facebook's WhatsApp urged users to upgrade to the latest version of its popular messaging app after reporting that users might be vulnerable to having malicious spyware installed on phones without their knowledge.

WhatsApp, one of the most popular messaging tools, is used by 1.5 billion people monthly and it has touted its high level of security and privacy, with messages on its platform being encrypted end to end.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a spokesman said.

"We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users," he said. WhatsApp did not elaborate further.

WhatsApp informed its lead regulator in the European Union, Ireland's Data Protection Commission (DPC), of a "serious security vulnerability" on its platform.

"The DPC understands that the vulnerability may have enabled a malicious actor to install unauthorised software and gain access to personal data on devices which have WhatsApp installed," the regulator said in a statement.

"WhatsApp are still investigating as to whether any WhatsApp EU user data has been affected as a result of this incident," the DPC said, adding that WhatsApp informed it of the incident late on Monday.

Earlier, the Financial Times (FT) reported that a vulnerability in WhatsApp allowed attackers to inject spyware on phones by ringing up targets using the app's phone call function.

It said the spyware was developed by Israeli cyber surveillance company NSO Group and affects both Android and iPhones. The FT said WhatsApp could not yet give an estimate for how many phones were targeted.

The FT reported that teams of engineers had worked around the clock in San Francisco and London to close the vulnerability and it began rolling out a fix to its servers on Friday last week and issued a patch for customers on Monday.

Asked about the report, NSO said its technology is licensed to authorised government agencies "for the sole purpose of fighting crime and terror," and that it does not operate the system itself while having a rigorous licensing and vetting process.

"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies," the company said.

WhatsApp disclosed the issue to the US Department of Justice last week, the FT said.

Social media giant Facebook bought WhatsApp in 2014 for $19 billion.

Facebook co-founder Chris Hughes last week wrote in The New York Times that fellow co-founder Mark Zuckerberg had far too much influence by controlling Facebook, Instagram and WhatsApp, three core communications platforms, and called for the company to be broken up.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
June 3,2020

New Delhi, Jun 3: Over 1 lakh scanned copies of Indians' national IDs, including Aadhaar, PAN card and passport, have been put on dark web for sale, cyber intelligence firm Cyble said on Wednesday.

The leaked data seems to have originated from a third party and not from the government system, according to a report by Cyble.

"We came across a non-reputed actor who is currently selling over 1 lakh Indian National IDs on the dark net. With such a low reputation, ideally, we would have skipped this; however, the samples shared by the actor intrigued our interest -- and also the volume. The actor is alleged to have access to over 1 lakh IDs from different places in India," Cyble said.

The personal data leaked by cyber criminals leads to various nefarious activities such as identity thefts, scams, and corporate espionage. Many criminals use the personal details in the IDs to win trust of the people over a phone call for fraudulent activities.

Cyber criminals leak personal data of 2.9 cr job-seeking Indians on dark web for free

The Cyble researchers acquired around 1,000 IDs from the seller and confirmed that the scanned IDs belong to Indians.

"Preliminary analysis suggests that the data originated from a third party, and no indication or artefact is indicating that it came from a government system. At this point, Cyble researchers are still investigating this further -- we are hoping to share an update soon," Cyble said.

The scanned ID documents indicate that the data may have been leaked from a company's data base in the segment where they have to comply with 'Know Your Customer' (KYC) norms.

"Cyble researchers have also learned about a surge in KYC and banking scams -- leaks such as this are often used by scammers to target individuals, especially elderlies," Cyble said.

The cyber intelligence firm has recommended people to refrain from sharing personal information especially financial information over phone, e-mail or SMS.

"Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately," the company said.

In May, Cyble showed two instances where personal data of 7.65 crore Indians have been put on sale in the dark web. In one instance, the seller claimed to have sourced data of 4.75 crore Indians from online directory Truecaller and in other, the seller claimed to have sourced from job websites.

Truecaller, however, had denied the claim of breach in its database.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
March 30,2020

Geneva, Mar 30: The number of confirmed COVID-19 cases worldwide has reached 634,835, among them 29,957 fatalities, the World Health Organization (WHO) said on Sunday.

Over the past 24 hours, 63,159 people were confirmed to be infected with the novel coronavirus and 3,464 people died, the WHO said.

According to the latest situation report, the majority of the confirmed cases - more than 361,000 - are presently concentrated in Europe, with Italy leading the tally with over 92,000 cases, followed by Spain with over 72,000 cases, and Germany with over 52,000 cases.

Italy and Spain are also the countries that top the worldwide death toll from COVID-19, with 10,023 and 5,690 fatalities, respectively.

The second most affected region is currently the Americas with over 120,000 verified COVID-19 cases, of which the majority - over 103,000 - have been found in the United States. The US is also the country with the highest single tally of COVID-19 cases at the moment.
The WHO declared COVID-19 a pandemic on March 11.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
January 11,2020

New Delhi, Jan 11: Senior Congress leader P Chidambaram on Friday said that he has never seen innocents like the Indian people, who believe the claims made by the government on the implementation of its programmes. The former Union Minister, addressing a literary event, said, "I have never seen innocents like the Indian people. If something appears on print (and named two newspapers also), we believe it. We believe anything."

Claims like all villages having been electrified in the country and toilets built for 99 per cent of families in India were being believed, he said.

Similar was the case of the Ayushman Bharat scheme, (Pradhan Mantri Jan Arogya Yojana or PM-JAY is a flagship health care scheme of the Centre), he alleged.

Stating that his Delhi-based driver's father had to get a surgery done under the scheme, he said, however, it could not be performed.

"I asked him (car driver) if he had the Ayushman card and he showed a card and I told him to take it (to hospital). In hospital after hospital, they said they were not aware of anything like that (Ayushman scheme). But we believe that the Ayushman scheme has come to the whole of India," he said.

Further, he said "we believe that for any disease, treatment will be done (indicating the Ayushman scheme) without shelling out money. We are being innocents."

Many news items and data were contrary to the truth, he added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.