(844) 627-8267 | Info@NationalCyberSecurity
(844) 627-8267 | Info@NationalCyberSecurity

Hong Kong hack attack on schools and social services’ WhatsApp accounts compromises details of almost 900 people | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Almost 900 Hong Kong people were victims of data breaches over the last month after fraudsters hijacked the WhatsApp accounts of social services and schools, the city’s privacy commissioner has revealed.

The Office of the Privacy Commissioner for Personal Data on Thursday said that fraudsters had hacked the WhatsApp accounts of five social welfare services and schools and impersonated the organisations in a bid to defraud people in their address books.

The news came as the Hong Kong Computer Emergency Response Team Coordination Centre warned of a rise in phishing traps designed to target instant messaging platforms such as WhatsApp.

The privacy commissioner said details, including names and mobile phone numbers, for service users, school staff, parents and pupils were believed to have been compromised in the latest attack.

The privacy commissioner’s office has warned of a breach of WhatsApp accounts run by schools and social services. Photo: Jelly Tse

Officials added that the organisations involved had notified the people affected by the fraudsters.

The privacy commissioner’s office explained WhatsApp hijacking happened when fraudsters impersonated friends and relatives, or used fake WhatsApp websites, to obtain telephone numbers and app registration codes.

Once the fraudsters gain access to an account, they try to swindle money or access personal information by messaging the victim’s contacts.

The computer emergency response team added hackers could also create counterfeit login web pages with QR codes that could be used to access victims’ accounts.

It added that the hackers used paid advertisements so the fake pages would appear high up on search engine pages.

Hong Kong’s technology chief condemns hacking attack on Cyberport

If a user scanned the QR code, hackers could gain access to the victim’s account, photos, videos, documents, chat records, and contact book details.

Hackers could also assume the identity of the victim, and use the account access to send messages to contacts, such as requesting fund transfers.

The cybersecurity experts appealed to the public to always verify the URLs of instant messaging platforms before they logged in and to avoid clicking on links from unknown sources such as search engine advertisements.

It added people should check for unknown devices being linked to their accounts and routinely check archive folders for malicious records.

Head of Hong Kong consumer watchdog apologises over potential personal data leak

If someone fears their personal details may have leaked, they can file a complaint with the privacy commissioner’s office.

The Post has contacted Meta, WhatsApp’s parent company, for comment on the latest data breaches.

WhatsApp was last year involved in a data scandal after online publication Cybernews reported that the mobile phone numbers of nearly 500 million users, including as many as 3 million in Hong Kong, had been compromised and listed for sale on a prominent online hacking forum.

But Meta denied the allegations and insisted the report was “speculative” and “unsubstantiated”.

The company added it had found no evidence of a data leak on WhatsApp systems.


Click Here For The Original Story From This Source.

National Cyber Security