New Delhi: WhatsApp informed India’s IT Ministry in September 2019 that the personal data of 20 Indian users may have been accessed by the attacker that used the NSO Group’s spyware.
This is 20 out of the 121 users whose devices the “attacker attempted to reach”, IT minister Ravi Shankar Prasad told parliament in a written reply on Wednesday.
The new revelations come in response to a question raised by DMK’s Dayanidhi Maran, who asked whether the government has assessed the extent of the privacy breach in the recent WhatsApp-Pegasus snooping case.
“On May 20, 2019 WhatsApp reported an incident to the Indian Computer Emergency Response Team (CERT-In) wherein it mentioned that WhatsApp identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out the attack,” the IT minister noted in his response.
Also read: Israeli Spyware: India Turns to WhatsApp For Answers, But What Should We Really Be Asking?
“On September 5, 2019 WhatsApp wrote to CERT-In mentioning update to the security incident reported in May 2019, that while the full extent of this attack may never be known, WhatsApp continues to review the available information,” he added.
More importantly though, Prasad this time disclosed new information regarding the September 2019 update given by WhatsApp. The IT minister noted that out of 121 targets, the attacker may have been successful in accessing the data of 20 users.
“It also mentioned that WhatsApp believes it is likely that personal data within the WhatsApp app of approximately twenty users may have been accessed out of approximately 121 users in India whose devices the attacker attempted to reach,” Prasad said.