SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Norton reveals info and advice on the latest WhatsApp breach
Thu, 1st Dec 2022
FYI, this story is more than a year old

New reports have indicated a WhatsApp personal data breach may have affected up to 1.8 million Kiwis. 

It has been revealed that a cybercriminal may have scraped the phone numbers of up to 1,824,589 New Zealanders through a WhatsApp breach. This is said to be part of a wider scrape of an estimated 1 billion records worldwide.

Norton researchers say that this breach has the potential to widely affect Kiwis. Because phone numbers are traditionally used for scams and phishing attempts, this creates more opportunities for cyber threats. An example of this can be seen in last year's Flubot wave. 

Flubot was described as a banking trojan, designed to appear legitimate to the receiver. It sends SMS messages to unsuspecting targets, claiming that they missed a call or have a new voicemail, on some occasions impersonating well-known institutions, like trusted parcel delivery services or banks.

Scam activity is often found to rise during the festive season, creating significant challenges for both consumers and businesses who rely on communication technology. To combat a potential breach, Norton encourages vigilance and has provided a variety of tips that they say can help with data protection.  

The company recommends maintaining good mobile hygiene and keeping devices updated with the latest operating system.

It also suggests that users create strong passwords combined with multi-factor authentication and use comprehensive security programs to help keep devices and data safe.

If a user is on an Android device, Norton recommends disabling Install Unknown Apps. Researchers say that many malicious apps find their way onto mobile devices outside of the official Google Play store, but from unknown sources. 

While they say it might be tempting to install the occasional app that you can't find in the official app store, users should proceed with caution. If they are willing to take the risk and trust the source, users should make sure they disable the feature again afterwards to reduce any ongoing security risk.

Norton also says that users should never open links that seem suspicious. They should always check to make sure that the mail is really from the sender it claims to be. If it promises things that seem to be too good to be true, they probably are.

It is also said that users shouldn't grant apps broad permissions and only let them access what they need to function. Norton recommends avoiding any apps that ask for more data than necessary.