Technology
How 3.5B WhatsApp numbers were scraped and exposed
NEWYou can now listen to Fox News articles!
Most major platforms have dealt with large-scale data leaks tied to weak or unprotected APIs. You’ve seen this play out with Facebook, X and even Dell.
The pattern is always the same. A feature meant to make life easier becomes a gateway for bulk data collection.
WhatsApp is now part of that list after researchers managed to scrape 3.5 billion phone numbers by exploiting a simple gap in the app’s contact-discovery system.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
How the researchers scraped 3.5B WhatsApp numbers
WHATSAPP BANS 6.8M SCAM ACCOUNTS, LAUNCHES SAFETY TOOL
Researchers discovered that weak API limits made it possible to scrape billions of WhatsApp numbers. (Getty Images)
As reported by Bleeping Computer, the entire incident started with WhatsApp’s GetDeviceList API. This is the endpoint the app uses when you add a number to your contacts. It tells WhatsApp to check if that number has an account and what devices are linked to it. The problem was that the API had no meaningful rate limiting. In simple terms, the system didn’t slow down or block repeated requests, which opened the door for mass enumeration.
Researchers from the University of Vienna and SBA Research decided to test how far they could push this. Using only five authenticated sessions and a single university server, they started hammering WhatsApp’s servers with queries. They expected to get blocked fast, but WhatsApp didn’t react at all.
That’s how they were able to check more than 100 million phone numbers per hour. After generating a global pool of 63 billion possible mobile numbers, they ran the list through the API and confirmed 3.5 billion active WhatsApp accounts.
Researchers managed to scrape more than just phone numbers
The researchers didn’t stop at confirming account existence. They used other WhatsApp endpoints like GetUserInfo, GetPrekeys and FetchPicture to pull more details. This included profile photos, “about” text, device information and public keys. A test run in the United States alone downloaded 77 million profile photos without hitting any limits, many with clear images of people’s faces. Public “about” sections often revealed personal info or links to other profiles. When compared to Facebook’s 2021 scrape, they found that 58% of leaked Facebook numbers were still active on WhatsApp years later. That’s what makes phone-number leaks so damaging. They stay useful to attackers long after the initial breach.
RUSSIAN LAWMAKERS CLAIM WHATSAPP IS A NATIONAL SECURITY THREAT, SHOULD PREPARE TO LEAVE THE COUNTRY
It’s important to note that this study was done by researchers who haven’t released the data. They also reported the issue to WhatsApp. The company has since added rate-limiting protections to prevent similar abuse from happening again. Still, the findings show how easily threat actors could have done the same thing if they had found the loophole first.
Why this keeps happening across major platforms
Weak or nonexistent API rate limits have caused several major data leaks in recent years, and WhatsApp isn’t the only example. In 2021, attackers abused Facebook’s “Add Friend” feature by uploading contact lists and checking which numbers matched active accounts. The API lacked proper safeguards, so they scraped 533 million profiles. Meta later confirmed the incident as automated scraping, and the Irish DPC fined the company €265 million.
Twitter had a similar problem when attackers used an API bug to match phone numbers and email addresses to 54 million accounts. Dell also reported that 49 million customer records were scraped after attackers took advantage of an unprotected API endpoint.
All of these cases share the same root cause. APIs that allow account lookups or data queries end up being easy to attack when they don’t limit how often someone can access them. One unchecked feature can turn into a pipeline for mass data collection.
7 steps you can take to keep your WhatsApp data safe
If your phone number ends up in one of these massive scrapes, you can’t pull it back, but you can make sure it’s far less useful to anyone trying to target you. Here are a few steps that help you stay safer.
1) Use two-factor authentication
Turn on 2FA for WhatsApp and every other important account. Even if someone has your number, they can’t break in without that second verification step. It also protects you from SIM-swap attempts since thieves can’t access your accounts with just a password.
A simple automated script pulled phone data at a massive scale without triggering alerts. (eyecrave productions/Getty Images)
2) Use a password manager
A password manager keeps every login unique. If attackers try to pair your scraped number with credential-stuffing attacks, reused passwords won’t give them an easy win. Strong, random passwords shut down a whole category of automated attacks.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
3) Remove your data from public databases
Opt out of data brokers and people-search sites when you can. The less public information attackers can tie to your number, the harder it is for them to craft convincing phishing messages or identity-based scams.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
IS YOUR FRIEND’S PHONE NUMBER COMPROMISED? HERE’S WHAT TO LOOK FOR
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
4) Limit what you share in profile bios
Keep your WhatsApp “about” text minimal. Avoid details like job titles, hometowns, or links to other accounts. Scraped phone numbers often get paired with publicly visible bios to build fuller profiles for scams.
5) Tighten your privacy settings
Adjust who can see your profile photo, last-seen and status. Setting these to “Contacts only” or “Nobody” prevents strangers from pulling more personal info once they have your number. To tighten your privacy settings on WhatsApp on iPhone or Android, follow these steps:
- Open WhatsApp on your phone on your phone.
- Go to Settings: On iPhone, tap the “Settings” gear icon at the bottom right. On Android, tap the three vertical dots in the top-right corner, then select “Settings.”
- Tap “Account.”
- Tap “Privacy.”
- Adjust the privacy options below to control who can see your personal info:
- Last Seen & Online: Tap “Last Seen & Online” and choose “My Contacts” or “Nobody” to restrict who sees your last active status.
- Profile Photo: Tap “Profile Photo” and select “My Contacts” or “Nobody” to prevent strangers from viewing your profile picture.
- About: Tap “About” and pick “My Contacts” or “Nobody” to limit who can see your About info.
- Status: Tap “Status,” then select “My Contacts,” “My Contacts Except…,” or “Only Share With…” to control who can view your status updates.
These changes prevent people not in your contacts or strangers from pulling personal details from your WhatsApp profile, enhancing your privacy effectively on either iPhone or Android devices.
Because the system lacked proper rate-limiting, the scraping continued undetected for months. (Kurt Knutsson)
6) Install strong antivirus software
A lot of phishing and malware campaigns start with scraped numbers. Strong antivirus software can block malicious links, detect harmful downloads and warn you when something looks suspicious.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
7) Be cautious with unknown calls and messages
Treat unexpected messages with more suspicion. Don’t click links, don’t share OTPs, and don’t respond to anyone asking for verification codes. Once numbers are scraped, scammers ramp up spam and impersonation attempts.
Kurt’s key takeaway
WhatsApp might have fixed the issue, but the bigger problem is still out there. Any platform that exposes an API without proper rate limits is leaving a window open for someone with the right tools and enough time. This scrape shows you how quickly that window can turn into a firehose of personal data. Until API security becomes a priority across the board, you’ll keep seeing leaks like this repeat on bigger and bigger scales.
Do you think apps should be legally required to enforce strict API limits? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
Technology
Amazon updated 2023’s Fire HD 10 tablet with 4GB of RAM
The Fire HD 8 that launched in 2024 was the last new addition to Amazon’s budget-minded tablet lineup, but the company has quietly updated the Fire HD 10 that debuted the year before. In 2023 it was offered with multiple storage configurations that each came with 3GB of RAM, but the 32GB version now ships with 4GB of RAM, and a small price bump from $139.99 to $154.99.
The Fire HD 10 with 64GB of storage still only comes with 3GB of RAM and the other specs for both tablets remain the same, including a 10.1-inch, 1,920 x 1,200 display, a 2GHz eight-core processor, a 13-hour battery, and expandable storage through a microSD card. The refreshed version is also only available for purchase with lock screen ads, but those can be removed after the fact by paying a one-time fee. If you’ve been eyeing this tablet but don’t want to pay a $15 premium for it, Amazon still sells the original 3GB/32GB model for $139.99, but stock may sell out.
Technology
Cheap streaming box could hijack your home internet
Google general counsel explains AI-powered phishing rise
Halimah Delaine Prado, Google General Counsel, reveals the rise of AI-powered phishing scams originating from China’s ‘outsider enterprise.’ She explains how these criminals use artificial intelligence to create highly convincing fake websites, impersonating trusted brands like T-Mobile to defraud hundreds of thousands of Americans, causing millions in losses. Prado highlights Google’s strategy to combat these evolving threats.
NEWYou can now listen to Fox News articles!
That cheap streaming box promising free movies, live sports and premium channels may come with a hidden cost you never agreed to pay.
Security researchers are warning about a sprawling Android-based botnet called Popa. It has reportedly forced millions of consumer TV boxes to relay internet traffic tied to ad fraud, account takeovers and mass data scraping.
The concern goes beyond one shady app or one off-brand gadget. It points to a bigger problem sitting in living rooms across the country. Your home internet connection can be quietly used by strangers. In other words, that box connected to your TV may be doing more than streaming shows and movies.
THE TRICK TO SMOOTHER STREAMING AT HOME AND ON THE ROAD
A cheap streaming box promising free TV can secretly route stranger traffic through your home internet. (Phynart Studio/Getty Images)
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
GLOBAL SCAM CRACKDOWN LEADS TO 276 ARRESTS
What cheap streaming box malware is doing
Popa is tied to the wider Vo1d and BADBOX-style ecosystem of compromised Android-based streaming devices. These are often unofficial TV boxes sold online under countless names. Many promise access to paid movies, sports or channels for a one-time price. That should be your first warning sign.
KrebsOnSecurity reports that Popa works less like a traditional botnet built for quick attacks and more like a persistent tunneling system. It can register a device, keep encrypted connections open and route traffic through that device when needed.
So what does that mean at home? Someone else’s internet traffic can appear to come from your house.
Why residential proxy networks put your home Wi-Fi at risk
A residential proxy uses a regular home internet address to send traffic. To a website, that traffic can look like it came from an ordinary household instead of a suspicious server farm.
That makes these networks valuable for people trying to hide mass scraping, fake ad clicks, account attacks or other shady activity. It also creates a scary problem for the person who owns the Wi-Fi.
Your IP address could show up as the source, even though you had no idea anything was happening. The FBI has warned that compromised internet-connected devices can become part of BADBOX 2.0 and residential proxy services used for criminal activity. Those devices can include TV streaming boxes, digital projectors, digital picture frames and other connected gadgets.
For more on how attackers can abuse connected devices, see our report on how the FBI warned that more than 1 million Android devices were hijacked by malware.
How big the Popa Android TV botnet appears to be
The numbers are huge. Lumen’s Black Lotus Labs told Krebs that Popa averages between 1.5 million and 2.5 million distinct IP addresses each day. The system also reportedly relies on hundreds of internet addresses used to direct its activity.
Google previously said BADBOX 2.0 compromised more than 10 million uncertified devices running Android open-source software without Google’s built-in security protections. Google also said the devices were used for ad fraud and other digital crimes.
That is why this should get your attention. The box under your TV may look harmless. But if it came preloaded with sketchy streaming apps, required workarounds or promised too much for too little money, it may be putting your home network at risk.
Why the NetNut link is disputed
The Popa story also includes a major dispute. Security firms Qurium and Synthient say Popa is linked to NetNut, a residential proxy provider owned by Alarum Technologies, a publicly traded Israeli company. Synthient said its analysis found traffic associated with NetNut coming from devices running Popa.
Alarum disputes the reports. The company says the claims contain flawed conclusions and rejects the characterization of the technology as a botnet. Alarum also says its SDKs are meant for bandwidth-sharing with notice, consent and safeguards. That disagreement is important. But for everyday households, the most important point stays the same. If a device or app can route someone else’s traffic through your home connection, you need to know before you plug it in.
How smart TV apps can use your home internet
This problem goes beyond cheap Android TV boxes. Krebs cited research from Spur, a proxy-tracking service, that found some smart TV apps can include hidden tools that share your home internet connection with outside companies.
Spur said more than 42% of LG webOS apps it reviewed had these components. It also found similar components in more than 25% of Samsung Tizen apps reviewed.
In response, a Samsung spokesperson told CyberGuy, “Samsung wants to reassure our customers that the third-party residential proxy SDKs recently reported in the media cannot access, collect, or store any personal information from the TV, such as account credentials, viewing history, or personal files.”
Samsung said it has already restricted new app registrations that include those proxy functions.
“We are currently implementing strict platform-wide developer policies explicitly banning residential proxy SDKs, and we are working to identify and remove all apps currently available in our store that contain these components,” the company said.
“The privacy and security of our customers are our top priority, and we will continue to enforce our developer policies to ensure our platform remains safe and trustworthy,” the spokesperson added.
Samsung’s response sounds reassuring on personal TV data. Still, the bigger lesson is to be careful about what you install on any smart TV. Random games, free streaming apps or odd utilities can come with permissions or fine print that most people skip.
A TV remote makes it easy to click through prompts without reading much. That is important because an app may be able to use your home internet connection in ways you did not expect.
Warning signs your streaming box may be unsafe
Be careful with any streaming device that promises free access to paid content. Also watch for Android boxes advertised as “unlocked,” “fully loaded” or loaded with premium channels.
The FBI lists several warning signs, including devices that require Google Play Protect to be disabled, apps from suspicious marketplaces, generic streaming boxes from unknown brands, Android devices that lack Play Protect certification and unexplained internet traffic.
If you see one of those signs, unplug the device from power and disconnect it from Wi-Fi or Ethernet.
How to protect your home from cheap streaming box malware
The good news is you do not need to be a cybersecurity expert to lower your risk. Start with the devices connected to your TV, then work outward to your router, apps and passwords.
1) Avoid “fully loaded” streaming boxes
Do not buy cheap Android TV boxes that promise free movies, live sports or paid channels. Those deals can come with malware, backdoors or proxy software. Stick with trusted streaming platforms and certified devices from known brands. A bargain stops looking like a bargain when it puts your home network at risk.
2) Disconnect suspicious streaming devices
Unplug any no-name Android TV box, unlocked streaming device or gadget that required you to disable Google Play Protect. Then remove it from your router’s connected-device list. If unknown devices appear on your router, change your Wi-Fi password. After that, reconnect only the devices you recognize.
3) Check for Play Protect certification
If you use an Android TV device, check whether it is Play Protect certified. Uncertified Android devices may lack Google’s built-in security protections. A device that asks you to turn off security settings during setup deserves extra scrutiny. That setup step can be a major red flag.
Researchers say Popa-linked Android TV boxes may turn ordinary home Wi-Fi connections into residential proxy nodes. (skynesher/Getty Images)
4) Use only official app stores
Install apps only from official stores on your smart TV, Fire TV, Apple TV, Roku or Android TV device. Avoid sideloading, which means installing apps from outside the official app store, unless you fully trust the source. The FBI warns that unofficial marketplaces and required app downloads can increase the chance of infection.
5) Delete unused smart TV apps
Go through the apps on your smart TV and streaming devices. Remove games, utilities, free streaming apps and anything you no longer recognize. Pay close attention to apps that mention bandwidth sharing, proxy access or earning rewards from unused internet. Those tradeoffs can be buried in language most people would skip.
6) Update your router and streaming devices
Keep your router, smart TV, streaming stick and other connected devices updated. Firmware updates often fix security holes that attackers love to exploit. Also, check whether your router supports automatic updates. Turn that on if available.
7) Check your router for unknown devices
Open your router app or router admin page and look at the connected-device list. Remove anything you do not recognize. Also, watch for devices sending unusual amounts of data. A streaming box should not be creating heavy outbound traffic when no one is watching anything.
8) Change passwords used on the device
If you signed into Google, streaming apps or other accounts on a suspicious TV box, change those passwords from a trusted phone or computer. Also, sign out of those accounts on other devices when the service gives you that option. Use a trusted password manager to create and store strong, unique passwords so one compromised account does not open the door to others. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com
9) Delete sketchy free VPNs and extensions
Remove free VPNs, free streaming apps, coupon extensions, unknown browser extensions and apps that offer to pay you for bandwidth. A trusted VPN can help protect your privacy online, especially on public Wi-Fi. However, a VPN will not clean an infected streaming box or stop a shady TV app from abusing your connection. Use it as one layer, not your only defense. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices at Cyberguy.com
10) Put smart devices on a guest network
Create a separate guest or IoT network for TVs, streaming boxes, cameras, printers and other smart devices. That way, a compromised gadget has less access to your phones, laptops and personal files. Many newer routers make this fairly easy inside the router app.
11) Run a full security scan
Run a full security scan on your computers and phones with trusted security software. This can help catch malware, risky downloads and suspicious files. But let’s be real here. Do not assume antivirus software can fully clean a cheap infected TV box. The FBI has warned that some compromised devices may come with malware before purchase or pick it up during setup. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
12) Replace the device if you are unsure
A factory reset may sound like enough, but it may fail to remove malware that came preinstalled or lives deeper in the device. If the box came from an unknown brand, pushed you toward sketchy apps or required security workarounds, replacing it is the safer move.
13) Report suspicious activity
If you believe your device or network has been compromised, report it to the FBI’s Internet Crime Complaint Center at IC3.gov. Also, contact your internet provider if you see strange traffic or get abuse notices tied to your IP address.
Kurt’s key takeaways
The scary part here is how ordinary this can look. A cheap streaming box sits under your TV, works well enough and promises free content. Meanwhile, your home internet connection may be getting rented out or abused in ways you never approved. That to me is scary because most people would never think to check whether their TV box is sending traffic in the background. They just want to watch the game or a movie. But if the device came from an unknown brand, promised free paid content or required sketchy setup steps, it deserves a serious look. The safest move is to unplug anything suspicious, use certified streaming devices and keep your smart TV apps under control. Free TV can become expensive fast when your home internet gets dragged into someone else’s scheme.
Unplug suspicious streaming devices, check your router and stick with trusted apps from official stores. (iStock)
Would you unplug a streaming box if you found out strangers might be routing their internet traffic through your home? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Technology
Sony’s PlayStation disc factory is already being repurposed
The video game disc is dead, and Sony’s been planning to kill it for some time, according to a report out of Austria. The man who leads Sony’s discmaking operations, Sony DADC president Dietmar Tanzer, told ORF Salzburg that the company’s Thalgau plant produces 600,000 discs every day, half of which are for PlayStation. But since it’ll only be making 10 percent of that volume in 2028, it’s planning to retrain all 300 employees to work on optical microlenses instead.
Thalgau isn’t just one of Sony’s disc plants. It’s where the disc-making division is headquartered, and appears to be its only remaining wholly owned disc manufacturing facility. Sony made discs in the United States for decades, originally in Terre Haute, Indiana and later in New Jersey, but it closed the latter plant in 2011 and moved all manufacturing from Indiana to Thalgau in 2022. Today, the Indiana facility markets itself to automakers who need help packaging and assembling headlights and the like instead.
This transition didn’t happen overnight. A behind-the-scenes video from December 2024 shows that the Thalgau plant was already working on microlenses as of then:
Those lenses, too, are created using discs:
ORF Salzburg writes that Sony has now invested €30 million to manufacture these microlenses, and that mass production may begin “as early as next year.”
Microlenses are theoretically used in all kinds of emerging applications where you might want to bend light, including headsets, but it appears that Sony may cater to automakers here, too. The head of Sony’s micro optics division gave ORF Salzburg the example of “a car turn signal that is projected onto asphalt.”
All of this is to say: Sony didn’t make this decision in a hurry, and it isn’t likely to change its mind despite the predictable backlash. It’s been winding down disc manufacturing for decades, and it’s ripping off one last band-aid with PlayStation.
According to Sony DADC’s website, it has produced over 26.4 billion discs to date — the vast majority, 23 billion of them, were made between 1983 and 2022 in Terre Haute, Indiana.
-
Vermont3 minutes ago4 Burlington beaches closed due to algae blooms
-
Washington6 minutes agoIndie Films Opening July 3: ‘Young Washington’ Marches Into Theaters
-
Virginia6 minutes agoDiscarded cigarette butts spark $1.3M house fire in Virginia
-
Wisconsin18 minutes agoSoutheastern Wisconsin severe weather; cleanup underway
-
West Virginia21 minutes agoAmerica250 fireworks, events happening this weekend in North Central West Virginia
-
Wyoming26 minutes ago14 Wyoming Cowboys make Athlon All-Mountain West preseason team
-
Crypto33 minutes agoOKX Announces Direct Crypto Aid for Venezuelans Hit by Devastating Twin Earthquakes
-
Finance36 minutes agoRegions expands municipal finance business with acquisition of Montgomery’s Frazer Lanier