The National Information Technology Development Agency (NITDA), has reportedly warned WhatsApp users to be careful while using the application following an alleged data breach by the company.
Mrs Hadiza Umar, Head, Corporate Affairs and External Relations of the agency gave the warning in a statement issued on Wednesday in Abuja.
On Nov. 16, an actor posted an advert on a popular hacking community platform claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers.
The database was alleged to contain WhatsApp user data from 84 countries, with over 32 million US user records included.
The post also said that the most phone contacts belonged to citizens of Egypt with 45 million, Italy with 35 million, Saudi Arabia with 29 million, France with 20 million and Turkey with 20 million.
“Following the alleged leak of nearly 500 million WhatsApp users’ mobile phone numbers globally and this includes over nine million contacts from Nigeria.
“There is an impending danger of threat actors using these data to carry out malicious activities, thereby putting many at risk.
“Such information could be used to perpetrate cyber attacks such as smishing and vishing,’’ Umar said.
According to her, smishing involves sending unsuspecting users text messages and asking them to click on links or provide personal information which can be used to scam victims, launch attacks.
Umar said: “Vishing entails the use of phone calls, voice messages by cyber criminals to manipulate or device unsuspecting recipients into revealing sensitive information for fraudulent acts.
“In this regard, NITDA’s Computer Readiness and Response Team (NITDA-CERRT) is alerting the public, most especially instant messaging platform users to be wary of unsolicited calls, voice notes and messages from unknown numbers.
“To avoid being victims, users are to enable two-factor authentication on your instant messaging app.
“Do not reveal personal information on your profile and do not respond to requests from untrusted or unknown contacts asking for personal data, passwords or other verification code through messages or calls.’’
Umar urged the public to contact CERRT.ng on firstname.lastname@example.org or call +234 817 877 4580 for more enquiries.