A security breach on the popular private messaging app WhatsApp may have originated from a government entity. Sources at WhatsApp also believe the breach was made with privately developed surveillance technology, and that its intended target may have been human rights groups. WhatsApp referred the breach to U.S. Department of Justice.
The company said only a “select number of users were targeted through this vulnerability by an advanced cyber actor.” WhatsApp did not disclose how many users’ data was accessed in the breach.
WhatsApp has already created a new version of the app which fixes the security hole that enabled the breach. The company is encouraging all users to download this latest version of the app “out of an abundance of caution.”
WhatsApp, which is owned by Facebook, has monthly user traffic of up to 1.5 billion people. One of the app’s selling points has always been its security and privacy, with messages undergoing end-to-end encryption so that third parties — even WhatsApp itself — cannot access the data exchanged in user messages.
The company itself has expressed deep concern about the incident, especially because the targets seemed to be activists for vulnerable groups.
“We’re working with human rights groups on learning as much as we can about who may have been impacted from their community. That’s really where our highest concern is,” a WhatsApp’s spokesperson said to Reuters.