Technology
How 3.5B WhatsApp numbers were scraped and exposed
NEWYou can now listen to Fox News articles!
Most major platforms have dealt with large-scale data leaks tied to weak or unprotected APIs. You’ve seen this play out with Facebook, X and even Dell.
The pattern is always the same. A feature meant to make life easier becomes a gateway for bulk data collection.
WhatsApp is now part of that list after researchers managed to scrape 3.5 billion phone numbers by exploiting a simple gap in the app’s contact-discovery system.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
How the researchers scraped 3.5B WhatsApp numbers
WHATSAPP BANS 6.8M SCAM ACCOUNTS, LAUNCHES SAFETY TOOL
Researchers discovered that weak API limits made it possible to scrape billions of WhatsApp numbers. (Getty Images)
As reported by Bleeping Computer, the entire incident started with WhatsApp’s GetDeviceList API. This is the endpoint the app uses when you add a number to your contacts. It tells WhatsApp to check if that number has an account and what devices are linked to it. The problem was that the API had no meaningful rate limiting. In simple terms, the system didn’t slow down or block repeated requests, which opened the door for mass enumeration.
Researchers from the University of Vienna and SBA Research decided to test how far they could push this. Using only five authenticated sessions and a single university server, they started hammering WhatsApp’s servers with queries. They expected to get blocked fast, but WhatsApp didn’t react at all.
That’s how they were able to check more than 100 million phone numbers per hour. After generating a global pool of 63 billion possible mobile numbers, they ran the list through the API and confirmed 3.5 billion active WhatsApp accounts.
Researchers managed to scrape more than just phone numbers
The researchers didn’t stop at confirming account existence. They used other WhatsApp endpoints like GetUserInfo, GetPrekeys and FetchPicture to pull more details. This included profile photos, “about” text, device information and public keys. A test run in the United States alone downloaded 77 million profile photos without hitting any limits, many with clear images of people’s faces. Public “about” sections often revealed personal info or links to other profiles. When compared to Facebook’s 2021 scrape, they found that 58% of leaked Facebook numbers were still active on WhatsApp years later. That’s what makes phone-number leaks so damaging. They stay useful to attackers long after the initial breach.
RUSSIAN LAWMAKERS CLAIM WHATSAPP IS A NATIONAL SECURITY THREAT, SHOULD PREPARE TO LEAVE THE COUNTRY
It’s important to note that this study was done by researchers who haven’t released the data. They also reported the issue to WhatsApp. The company has since added rate-limiting protections to prevent similar abuse from happening again. Still, the findings show how easily threat actors could have done the same thing if they had found the loophole first.
Why this keeps happening across major platforms
Weak or nonexistent API rate limits have caused several major data leaks in recent years, and WhatsApp isn’t the only example. In 2021, attackers abused Facebook’s “Add Friend” feature by uploading contact lists and checking which numbers matched active accounts. The API lacked proper safeguards, so they scraped 533 million profiles. Meta later confirmed the incident as automated scraping, and the Irish DPC fined the company €265 million.
Twitter had a similar problem when attackers used an API bug to match phone numbers and email addresses to 54 million accounts. Dell also reported that 49 million customer records were scraped after attackers took advantage of an unprotected API endpoint.
All of these cases share the same root cause. APIs that allow account lookups or data queries end up being easy to attack when they don’t limit how often someone can access them. One unchecked feature can turn into a pipeline for mass data collection.
7 steps you can take to keep your WhatsApp data safe
If your phone number ends up in one of these massive scrapes, you can’t pull it back, but you can make sure it’s far less useful to anyone trying to target you. Here are a few steps that help you stay safer.
1) Use two-factor authentication
Turn on 2FA for WhatsApp and every other important account. Even if someone has your number, they can’t break in without that second verification step. It also protects you from SIM-swap attempts since thieves can’t access your accounts with just a password.
A simple automated script pulled phone data at a massive scale without triggering alerts. (eyecrave productions/Getty Images)
2) Use a password manager
A password manager keeps every login unique. If attackers try to pair your scraped number with credential-stuffing attacks, reused passwords won’t give them an easy win. Strong, random passwords shut down a whole category of automated attacks.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
3) Remove your data from public databases
Opt out of data brokers and people-search sites when you can. The less public information attackers can tie to your number, the harder it is for them to craft convincing phishing messages or identity-based scams.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
IS YOUR FRIEND’S PHONE NUMBER COMPROMISED? HERE’S WHAT TO LOOK FOR
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
4) Limit what you share in profile bios
Keep your WhatsApp “about” text minimal. Avoid details like job titles, hometowns, or links to other accounts. Scraped phone numbers often get paired with publicly visible bios to build fuller profiles for scams.
5) Tighten your privacy settings
Adjust who can see your profile photo, last-seen and status. Setting these to “Contacts only” or “Nobody” prevents strangers from pulling more personal info once they have your number. To tighten your privacy settings on WhatsApp on iPhone or Android, follow these steps:
- Open WhatsApp on your phone on your phone.
- Go to Settings: On iPhone, tap the “Settings” gear icon at the bottom right. On Android, tap the three vertical dots in the top-right corner, then select “Settings.”
- Tap “Account.”
- Tap “Privacy.”
- Adjust the privacy options below to control who can see your personal info:
- Last Seen & Online: Tap “Last Seen & Online” and choose “My Contacts” or “Nobody” to restrict who sees your last active status.
- Profile Photo: Tap “Profile Photo” and select “My Contacts” or “Nobody” to prevent strangers from viewing your profile picture.
- About: Tap “About” and pick “My Contacts” or “Nobody” to limit who can see your About info.
- Status: Tap “Status,” then select “My Contacts,” “My Contacts Except…,” or “Only Share With…” to control who can view your status updates.
These changes prevent people not in your contacts or strangers from pulling personal details from your WhatsApp profile, enhancing your privacy effectively on either iPhone or Android devices.
Because the system lacked proper rate-limiting, the scraping continued undetected for months. (Kurt Knutsson)
6) Install strong antivirus software
A lot of phishing and malware campaigns start with scraped numbers. Strong antivirus software can block malicious links, detect harmful downloads and warn you when something looks suspicious.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
7) Be cautious with unknown calls and messages
Treat unexpected messages with more suspicion. Don’t click links, don’t share OTPs, and don’t respond to anyone asking for verification codes. Once numbers are scraped, scammers ramp up spam and impersonation attempts.
Kurt’s key takeaway
WhatsApp might have fixed the issue, but the bigger problem is still out there. Any platform that exposes an API without proper rate limits is leaving a window open for someone with the right tools and enough time. This scrape shows you how quickly that window can turn into a firehose of personal data. Until API security becomes a priority across the board, you’ll keep seeing leaks like this repeat on bigger and bigger scales.
Do you think apps should be legally required to enforce strict API limits? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
Technology
Sony’s PlayStation disc factory is already being repurposed
The video game disc is dead, and Sony’s been planning to kill it for some time, according to a report out of Austria. The man who leads Sony’s discmaking operations, Sony DADC president Dietmar Tanzer, told ORF Salzburg that the company’s Thalgau plant produces 600,000 discs every day, half of which are for PlayStation. But since it’ll only be making 10 percent of that volume in 2028, it’s planning to retrain all 300 employees to work on optical microlenses instead.
Thalgau isn’t just one of Sony’s disc plants. It’s where the disc-making division is headquartered, and appears to be its only remaining wholly owned disc manufacturing facility. Sony made discs in the United States for decades, originally in Terre Haute, Indiana and later in New Jersey, but it closed the latter plant in 2011 and moved all manufacturing from Indiana to Thalgau in 2022. Today, the Indiana facility markets itself to automakers who need help packaging and assembling headlights and the like instead.
This transition didn’t happen overnight. A behind-the-scenes video from December 2024 shows that the Thalgau plant was already working on microlenses as of then:
Those lenses, too, are created using discs:
ORF Salzburg writes that Sony has now invested €30 million to manufacture these microlenses, and that mass production may begin “as early as next year.”
Microlenses are theoretically used in all kinds of emerging applications where you might want to bend light, including headsets, but it appears that Sony may cater to automakers here, too. The head of Sony’s micro optics division gave ORF Salzburg the example of “a car turn signal that is projected onto asphalt.”
All of this is to say: Sony didn’t make this decision in a hurry, and it isn’t likely to change its mind despite the predictable backlash. It’s been winding down disc manufacturing for decades, and it’s ripping off one last band-aid with PlayStation.
According to Sony DADC’s website, it has produced over 26.4 billion discs to date — the vast majority, 23 billion of them, were made between 1983 and 2022 in Terre Haute, Indiana.
Technology
New sodium-ion battery could reshape grid storage
This is how light can be used to transmit data
At Coherent’s Sherman, Texas facility, CEO Jim Anderson and NVIDIA CEO Jensen Huang detail how their plant is at the forefront of AI innovation. They describe using light to efficiently transmit data for AI data centers, explaining the technology to Will Cain. Coherent is set to quadruple its output by next year, demonstrating rapid growth.
NEWYou can now listen to Fox News articles!
A new sodium-ion battery from Chinese battery giant CATL could eventually affect something much closer to home: the power grid that keeps your lights on. CATL has introduced its TENER Sodium Energy Storage System. The company says it is the world’s first field-validated sodium-ion energy storage system ready for commercial use.
Think big energy project, not phone upgrade. This battery is built for large storage sites that can support the grid. That kind of storage is getting more attention as electricity demand rises. AI data centers use a lot of power. Heat waves can strain local grids. Solar and wind power also need storage so electricity is available when people need it.
However, CATL has not announced a specific U.S. launch for this system. So, this is more about where grid storage may be headed than what your local utility will install tomorrow.
FOX NEWS POLL: VOTERS SEE AI REGULATION AS URGENT, RANK SAFEGUARDS AHEAD OF INNOVATION
CATL unveiled its TENER Sodium Energy Storage System in Munich as sodium-ion batteries move closer to commercial grid storage. (CATL)
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
New sodium-ion battery targets grid storage
CATL just launched the TENER Sodium Energy Storage System in Munich, Germany. The company says cumulative shipments should reach 1 gigawatt-hour by the end of 2026. Deliveries in China are expected to start in September 2026. Global deliveries are scheduled to begin in June 2027.
That timeline shows sodium-ion batteries are moving closer to commercial use. The system is designed for stationary storage. In other words, it could help store electricity from solar farms, wind projects or other power sources for later use.
That becomes important when demand jumps during hot afternoons or renewable power drops later in the day.
Sodium-ion battery storage could ease lithium pressure
Most large battery storage projects today use lithium-based systems. Lithium works well, but supply chains can be tight. Prices can also move when demand climbs. CATL says sodium is more than 1,000 times more common than lithium. The company also says sodium is widely distributed around the world.
That could make sodium-ion batteries attractive for grid storage. These batteries do not need to be tiny enough for a phone or light enough for an electric car.
CATL isn’t saying sodium will replace lithium overnight. Instead, the company says sodium and lithium could work together in future energy storage systems.
For you, the larger point is choice. More battery options could help energy companies reduce their dependence on a single material.
AI BOOM: DEMAND FOR DATA CENTERS DRIVES INNOVATION BY ENERGY, TECH INDUSTRIES TO PRODUCE NEW POWER SOURCES
CATL says the battery fits existing systems
One of CATL’s bigger claims is that TENER Sodium can fit into existing lithium iron phosphate energy storage platforms. CATL says the system shares the same physical footprint as LFP systems. That could help developers avoid changing enclosures, redesigning projects or repeating certification steps.
The system delivers more than 30 megawatt-hours of rated capacity. CATL says each module weighs about 42 metric tons, or about 46 U.S. tons. The company says only 34 units are needed for a 1-gigawatt-hour storage site. The modular design also supports flexible storage durations of 1, 2, 4, 6 and 8 hours. That gives developers more room to tailor projects based on local power needs.
Sodium-ion battery design can handle tough conditions
The TENER Sodium system is built for large energy projects, not home use, with modules designed to store power for the grid. (CATL)
Battery storage has to work in places that get brutally hot or freezing cold. CATL says TENER Sodium is designed for better extreme-temperature performance, enhanced safety and lower operating costs. The company also says its battery management system gives the sodium-ion system an additional 20 percent safety margin compared with lithium-ion batteries.
The system also uses a top-discharge airflow design that CATL says reduces heat generation by nearly 30 percent compared with conventional systems. CATL says auxiliary power consumption drops from the industry average of 2 percent to 1 percent.
That could be useful for large grid storage projects, especially in places where heat, storms or heavy power demand can strain local systems. CATL also says TENER Sodium operates at only 65 decibels, which is 10 decibels lower than conventional systems. That could help address local concerns when battery storage sites are built closer to where power is needed.
Sodium-ion battery shipments signal commercial momentum
CATL says TENER Sodium has reached full commercial maturity across technology, production capacity and supply chain readiness. The company says it has worked on sodium-ion battery research and development since 2016. CATL also says it has invested about $1.4 billion, depending on exchange rates, over the past decade.
CATL has expanded sodium-ion production lines at its Fuding base in China. The company says that adds 40 gigawatt-hours of annual capacity. Another planned base in Jining, Shandong, could support 160 gigawatt-hours of sodium-ion battery production capacity. CATL also says it signed a three-year, 60-gigawatt-hour sodium-ion energy storage order with HyperStrong in April 2026. The company described it as the world’s largest sodium-ion commercial contract.
Those numbers show CATL is treating sodium-ion storage as a serious commercial product. That said, U.S. adoption is a separate question. American utilities, regulators and developers would still need to weigh cost, performance, supply chain risk and security concerns.
What this means to you
This sodium-ion battery system may never be something you buy directly. However, the technology behind it could still affect how electricity gets stored and delivered. If sodium-ion storage proves reliable, it could give energy companies another way to support the grid. That may become more important as AI data centers increase electricity demand.
Better storage can help utilities use power more efficiently. It can also help balance supply when demand rises quickly. Still, there are limits. A new battery chemistry will not fix old transmission lines, slow permitting or local grid bottlenecks by itself.
The real takeaway is that sodium-ion batteries could become part of the grid storage mix. They are not a magic fix, but they could help energy companies build more flexible storage projects.
Watch the CyberGuy Live replay: Lock Down Your Phone in 30 Minutes
Your phone holds your email, passwords, photos, banking apps and personal data. In this free CyberGuy Live replay, Kurt the CyberGuy walks you step by step through simple phone security fixes you can do at your own pace. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Watch the replay and get our checklist here: CyberGuyLive.com.
Kurt’s key takeaways
CATL’s new sodium-ion battery may sound like a faraway energy story, especially since there is no announced U.S. rollout yet. Still, it is important because the grid is under growing pressure from AI data centers, extreme weather and the need to store more renewable power. What stands out is the use of sodium, which CATL says is far more common than lithium. If this technology proves reliable in major energy projects, it could give utilities another way to store power and keep the grid steadier when demand spikes.
Would you be comfortable with Chinese-made battery systems supporting part of the U.S. electric grid if they helped make power more reliable? Let us know by writing to us at CyberGuy.com.
CATL says sodium is far more common than lithium, which could give energy companies another storage option as electricity demand rises. (CATL)
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Technology
Tesla driver faces manslaughter charges over Texas crash that killed a woman inside her home
On the video, I saw BUTLER’s Tesla continue to increase in speed, and saw the amount of pressure being applied to the accelerator pedal also increase in speed. In about six (6) seconds, the accelerator pedal was pressed all the way down to 100%, “pedal to the metal,” and the vehicle reached a speed of 73 miles per hour, more than double the speed limit on that residential street. The Tesla continued straight towards the middle of the cul-de-sac, struck the curb of the complainant’s driveway, and went airborne towards the front of the home… I noted that the brake pedal was never pressed in the final minute before the crash.”
-
Lifestyle32 seconds agoL.A. Affairs: He wanted L.A. I wanted New York. A panic attack changed everything
-
Politics4 minutes agoTrump refashions America’s 250th as a celebration of himself
-
Sports19 minutes agoHow Dodgers’ Max Muncy, vying for his third All-Star selection, continues to evolve
-
World31 minutes agoGermany’s Merz defends NATO spending after Trump calls it ‘ridiculous’
-
News54 minutes agoOregon ER doctors win a ‘David and Goliath’ battle against a national company
-
Videos2 hours agoIran gets ready for Khamenei’s funeral • FRANCE 24 English
-
Los Angeles, Ca2 hours ago2 arrested after 3 LASD deputies injured during East L.A. World Cup celebration
-
Detroit, MI3 hours agoEx-girlfriend in custody after Taylor man found fatally stabbed, police say