The personal mobile numbers of nearly 500 million WhatsApp users are now for sale on the internet, according to a report by Cybernews.

The threat actor responsible for this feat posted an ad on a well-known hacking forum, revealing that it contains user data from 84 countries, including 32 million in the US, 45 million in Egypt, 35 million in Italy, 29 million in Saudi Arabia, 20 million in France, 20 million in Turkey, 10 million in Russia, and over 11 million in the UK.

The leaked phone numbers could be used by a variety of parties with malicious intent, including phishing, unsolicited advertising, and elaborate identity theft, and thus can obtain a handsome amount online. For the US dataset alone, the hacker is charging $7,000, followed by $2,500 for the UK and $2,000 for Germany.

The number of hacked accounts by country, as released by Cybernews.

As for how the information may have been obtained, it is speculated that the data breach was achieved through a number of methods, including smishing and vishing attacks, which are carried out over unsolicited calls and messages from unknown numbers, and third-party data scraping, a practice where user information is harvested at scale.

Although Cybernews confirmed the account in fact belonged to active WhatsApp users through a 1,097 UK sample that the hacker shared with the news publication, the company has categorically denied the claims. “The claim written on Cybernews is based on unsubstantiated screenshots. There is no evidence of a ‘data leak’ from WhatsApp,” said a spokesperson.

A number of social media platforms fell for scraping attacks over recent years, including Facebook in November 2021, and LinkedIn in October 2022.