The government has said that the personal data of 20 WhatsApp users out of the 121 users targeted using Pegasus spyware may have been accessed by the attacker. Facebook-owned Whatsapp had said that Indian journalists and human rights activists were among those globally spied upon by unnamed entities using Pegasus spyware. "WhatsApp continues to review the available information. It also mentioned that WhatsApp believes it is likely that personal data within the WhatsApp app of approximately twenty users may have been accessed out of approximately one hundred and twenty-one users in India whose devices the attacker attempted to reach," Prasad said in Lok Sabha. On May 20, WhatsApp reported an incident to the country's cybersecurity watchdog CERT-IN, stating that it had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices.
WhatsApp also told CERT-In that the vulnerability could no longer be exploited to carry out attacks. Prasad said the government is committed to protecting fundamental rights of citizens, including the right to privacy. "The government operates strictly as per provisions of law and laid down protocols. There are adequate safeguards to ensure that no innocent citizen is harassed or his privacy breached," he said. In response to another question on malicious mobile apps stealing user data, the minister said the propagation of such applications, targeting mobile phones, are being reported globally.
"Such malicious applications could be used for stealing data from infected mobile phones for further misuse by cybercriminals," Prasad said. The government has taken several measures to check malicious apps which include the issue of alerts and advisories about threats and vulnerabilities affecting mobile phones, along with countermeasures by the Indian Computer Emergency Response Team (CERT-In), he said. "Security tips have been published to enable users to secure their mobile and smartphones by CERT-In. Government has operationalised the Cyber Swachhta Kendra (CSK) to enable detection and cleaning of malicious code including from mobile and smartphones," Prasad added.