WhatsApp was hacked, and attackers installed sophisticated spyware on an unknown number of people’s smartphones.
The Facebook subsidiary, which has 1.5 billion users, said it discovered in early May that “an advanced cyber actor” infected an unknown number of devices with the malware.
The Financial Times, which first reported on the issue on Monday, said bad actors exploited a vulnerability to install the surveillance technology by calling the target through WhatsApp, giving them access to information including location data and private messages. Even if the target didn’t pick up, the malware was able to infect the phone.
The FT reported that the spyware was developed by Israel’s NSO Group, whose Pegasus software is known to have targeted human-rights activists. In a statement to the FT, the firm denied any involvement in the WhatsApp hack.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” WhatsApp said in a statement to the FT.
“We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”
In a statement sent to Business Insider, a spokesman added: “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices. We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users.”
A notice on Facebook said the issue affected Android phones, iPhones, and Windows phones. An update to resolve the issue was released on Monday, and users are being urged to update regardless of whether they have had any suspicious call activity.
Citing a source, the FT reported that the US Department of Justice was notified about the hack last week.