WhatsApp accounts could be deactivated simply by sending a request from any email address, so long as the attacker knew the associated phone number. Going forward, the account deactivation process now involves a follow-up message that requests verification of ownership of the associated phone number.
The WhatsApp GDPR violations pertain to Article 12 and 13(1)(c) requirements that platform users be clearly informed of the legal basis under which their personal information is being collected.
Threat actor is offering the alleged WhatsApp data leak for a relatively low cost, dividing it up by country of origin and offering each package for prices in the range of several thousand dollars via a dark web forum.
The legal battle between Facebook-owned WhatsApp and the Indian government is a bit of a high-stakes game of chess determining both global consumer privacy and the sovereignty of tech companies to build such privacy on their own platforms.
WhatsApp will soon roll out end-to-end encryption for chat backups, shutting down a favorite loophole exploited by law enforcement agencies, and giving WhatsApp an edge of market appeal.
The Irish DPC has taken some heat for perceived softness in issuing GDPR fines to Big Tech. A $267 million fine issued to WhatsApp is the first substantial amount that the Irish regulator has assessed, but it comes amidst accusations and criticism.
Contentious WhatsApp privacy update has caused new consumer complaints to be filed by watchdog groups, which say that users are being unfairly pressured into accepting.
Recent rules passed in India that threaten end-to-end encryption are being challenged in court by WhatsApp. New "traceability" rules require social media platforms with at least five million users to be able to identify the originator of a message.