What exactly is a “user record” in this case? The article only mentions phone numbers. Are these associated with names or any other metadata? Or is it just a list of valid phone numbers? It’s hard to tell how serious this breach is.
The number listed for the UK suggests that around one in seven mobile numbers is tied to a WhatsApp account. That suggests that just guessing that every mobile number is a WhatsApp account is useful for a lot of attacks. If they’re tied to names and geography then that’s very different. We know that most MPs use WhatsApp (because people keep leaking screen shots of them saying unacceptable things in WhatsApp chats). If you can get the prime minister’s number and clone his SIM then you can probably do a lot more interesting targeted attacks (this is why Signal requires you to enter a PIN when you add a new device, not sure if WhatsApp does).
Why don’t “normal people” (read: non-tech people, the majority, normies) care about stuff like this?
Platforms like WhatsApp, Facebook, LinkedIn, etc seem to constantly leak user info, trade user info illegally, violate privacy, etc. I don’t understand why anyone is STILL using these platforms. Because everyone else is? That’s moronic. I’ve lost faith in society as a whole at this point.
Taking this in good faith - 1) because the utility provided by the apps vastly outweighs the perceived risks iinvolved with their use and 2) learned helplessness. This “stupidity” bothered me for years until I had some personal experiences that threw things into perspective on 1 where you hit a phase of life in which privacy is the last of the your concerns. The issue with 2 is largely one of education; I’ve successfully switched a huge number of tech un-saavy folks to better FOSS or small/indie biz alternatives purely by telling them they exist, no marketing needed!
[Meta voice] Hey, we were supposed to sell access to that.
What exactly is a “user record” in this case? The article only mentions phone numbers. Are these associated with names or any other metadata? Or is it just a list of valid phone numbers? It’s hard to tell how serious this breach is.
The number listed for the UK suggests that around one in seven mobile numbers is tied to a WhatsApp account. That suggests that just guessing that every mobile number is a WhatsApp account is useful for a lot of attacks. If they’re tied to names and geography then that’s very different. We know that most MPs use WhatsApp (because people keep leaking screen shots of them saying unacceptable things in WhatsApp chats). If you can get the prime minister’s number and clone his SIM then you can probably do a lot more interesting targeted attacks (this is why Signal requires you to enter a PIN when you add a new device, not sure if WhatsApp does).
Why don’t “normal people” (read: non-tech people, the majority, normies) care about stuff like this?
Platforms like WhatsApp, Facebook, LinkedIn, etc seem to constantly leak user info, trade user info illegally, violate privacy, etc. I don’t understand why anyone is STILL using these platforms. Because everyone else is? That’s moronic. I’ve lost faith in society as a whole at this point.
/rant
Taking this in good faith - 1) because the utility provided by the apps vastly outweighs the perceived risks iinvolved with their use and 2) learned helplessness. This “stupidity” bothered me for years until I had some personal experiences that threw things into perspective on 1 where you hit a phase of life in which privacy is the last of the your concerns. The issue with 2 is largely one of education; I’ve successfully switched a huge number of tech un-saavy folks to better FOSS or small/indie biz alternatives purely by telling them they exist, no marketing needed!