More than 360 million phone numbers, from 108 countries, were leaked on the dark web, according to Check Point Home, a cybersecurity research firm. Check Point conducted this analysis after reports emerged on November 16 that hackers were selling WhatsApp numbers on the dark web. Examining the list, Check Point found that 360 million numbers, from 108 countries, had indeed been leaked. The agency warned that the leaked numbers are vulnerable to phishing, vishing and smishing exercises. 

“The news about these files being sold on the dark web was first exposed on November 16 in a message published by the hacker on the hacking forum, BreachForums, claiming to be selling the up-to-date personal information of 487 million WhatsApp users from 84 countries,” said the agency in its blog. On examination, the agency found that the leak contained over 360 million phone numbers from 108 countries. 

Once cybercriminals have access to phone numbers that are then sold, attacks such as vishing or smishing are likely to follow. Vishing is a social engineering attack, where a victim is duped into giving information over the phone, while smishing is conducted through SMS. With millions of records available to buy, these types of attacks are likely to increase. It is also possible that hackers could access other online services using the phone number, which may have more damaging consequences, the report added.

Check Point Research found an increase in phishing attacks around the holiday season, with a 17 per cent rise in malicious e-mails during Black Friday and Cyber Monday. This year, Amazon Prime Day also saw an 86 per cent increase in Amazon-related phishing e-mails.

Each country has a different number of records that have been exposed, ranging from 604 in Bosnia and Herzegovina to 35 million attributed to Italy. In the past four days, the files, which include international dial codes and were first set for sale, are now being distributed freely amongst the hacker.