A threat actor has reportedly leaked millions of alleged WhatsApp user records on a popular cybercrime forum before announcing their retirement from cybercrime activities.
The leaked dataset is over 3TB in size and allegedly contains phone numbers, login credentials, and other personally identifiable information linked to WhatsApp users.
Researchers at Cybernews analyzed the publicly accessible files said the dataset includes phone numbers categorized by country and region. The exposed data reportedly contains around 10 million Russian phone numbers and nearly 4 million Israeli phone numbers.
Some sample files also allegedly include names, email addresses, home addresses, and WhatsApp account login details. If authentic, such information could significantly increase the risk of phishing attacks, account takeovers, identity theft, and large-scale social engineering campaigns.
However, the full dataset remains unverified. Many files were password-protected, and the attacker failed to share the password publicly. Because of this, the complete contents of the leak could not be independently verified.
At this stage, there is no evidence suggesting a direct breach of WhatsApp infrastructure or servers. Security researchers believe the data may have been collected through phishing kits, malicious QR codes, infostealer malware, or large-scale scraping techniques rather than a direct platform compromise.
The report also referenced earlier research from the University of Vienna and SBA Research that demonstrated how attackers could potentially extract phone numbers from WhatsApp at massive scale through automated abuse methods.
The presence of login credentials inside the leaked files is particularly concerning because it may indicate the use of credential-stealing malware or phishing operations targeting users outside the WhatsApp platform itself.
If the leaked data is legitimate, attackers could use it for vishing and smishing campaigns by impersonating banks, delivery services, or even official WhatsApp support representatives. Leaked phone numbers combined with personal information can also help cybercriminals build detailed victim profiles for future attacks.
