The National Information Technology Development Agency (NITDA) has warned WhatsApp users to be careful while using the application following an alleged data breach by the company.
NITDA spokeswoman Hadiza Umar gave the warning in a statement issued on Wednesday in Abuja.
On November 16, an actor posted an advert on a popular hacking community platform claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers.
The database was alleged to contain WhatsApp user data from 84 countries, with over 32 million US user records included.
The post also said that the most phone contacts belonged to citizens of Egypt with 45 million, Italy with 35 million, Saudi Arabia with 29 million, France with 20 million and Turkey with 20 million.
“Following the alleged leak of nearly 500 million WhatsApp users’ mobile phone numbers globally and this includes over nine million contacts from Nigeria. There is an impending danger of threat actors using these data to carry out malicious activities, thereby putting many at risk,” said Ms Umar. “Such information could be used to perpetrate cyber attacks such as smishing and vishing,’’ Umar said.
According to her, smishing involves sending unsuspecting users text messages and asking them to click on links or provide personal information, which can be used to scam victims and launch attacks.
“Vishing entails the use of phone calls, voice messages by cyber criminals to manipulate or device unsuspecting recipients into revealing sensitive information for fraudulent acts,” added the NITDA official.
She explained that NITDA’s Computer Readiness and Response Team (NITDA-CERRT) “is alerting the public, most especially instant messaging platform users, to be wary of unsolicited calls, voice notes and messages from unknown numbers.
“To avoid being victims, users are to enable two-factor authentication on your instant messaging app,” Ms Umar stated. “Do not reveal personal information on your profile and do not respond to requests from untrusted or unknown contacts asking for personal data, passwords or other verification code through messages or calls.’”
Umar urged the public to contact CERRT.ng via cerrt@nitda.gov.ng or call +234 817 877 4580 for more enquiries.
(NAN)