Hong Kong hack attack on schools and social services’ WhatsApp accounts compromises details of almost 900 people | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

The Office of the Privacy Commissioner for Personal Data on Thursday said that fraudsters had hacked the WhatsApp accounts of five social welfare services and schools and impersonated the organisations in a bid to defraud people in their address books.

The news came as the Hong Kong Computer Emergency Response Team Coordination Centre warned of a rise in phishing traps designed to target instant messaging platforms such as WhatsApp.

The privacy commissioner said details, including names and mobile phone numbers, for service users, school staff, parents and pupils were believed to have been compromised in the latest attack.

Officials added that the organisations involved had notified the people affected by the fraudsters.

The privacy commissioner’s office explained WhatsApp hijacking happened when fraudsters impersonated friends and relatives, or used fake WhatsApp websites, to obtain telephone numbers and app registration codes.

Once the fraudsters gain access to an account, they try to swindle money or access personal information by messaging the victim’s contacts.

The computer emergency response team added hackers could also create counterfeit login web pages with QR codes that could be used to access victims’ accounts.

It added that the hackers used paid advertisements so the fake pages would appear high up on search engine pages.

Hong Kong’s technology chief condemns hacking attack on Cyberport

If a user scanned the QR code, hackers could gain access to the victim’s account, photos, videos, documents, chat records, and contact book details.

Hackers could also assume the identity of the victim, and use the account access to send messages to contacts, such as requesting fund transfers.

It added people should check for unknown devices being linked to their accounts and routinely check archive folders for malicious records.

Head of Hong Kong consumer watchdog apologises over potential personal data leak

If someone fears their personal details may have leaked, they can file a complaint with the privacy commissioner’s office.

The Post has contacted Meta, WhatsApp’s parent company, for comment on the latest data breaches.

WhatsApp was last year involved in a data scandal after online publication Cybernews reported that the mobile phone numbers of nearly 500 million users, including as many as 3 million in Hong Kong, had been compromised and listed for sale on a prominent online hacking forum.

But Meta denied the allegations and insisted the report was “speculative” and “unsubstantiated”.

The company added it had found no evidence of a data leak on WhatsApp systems.