An independent cybersecurity researcher, Athul Jayaram, has revealed that due to a privacy issue, WhatsApp numbers of users from the US, UK, India and many other countries have been leaked and are available on the open web in plain text.
Jayaram revealed this in a post on Medium.
He claims that around 29,000-3,00,000 WhatsApp users' mobile numbers are now accessible in plain text to any internet user.
He explains that WhatsApp offers a Click to Chat feature that lets users create a link that can be shared anywhere, such as on Twitter, and just by clicking on that link, anyone can contact them on WhatsApp. Because of the privacy loophole, the feature was reportedly putting users' phone numbers at risk by allowing Google Search to index the links. As a consequence, these phone numbers can show up in Google Search.
He says anyone, including cybercriminals, fraudsters, and marketing executives, can get hold of these numbers by running a simple Google Search query: site:wa.me<+country code>. They can even look at your WhatsApp display picture and status if you have made them public.
We reached out to WhatsApp to learn more about the security issue. A company spokesperson said, "Our Click to Chat feature, which lets users create a URL with their phone number so that anyone can easily message them, is used widely by small and microbusinesses around the world to connect with their customers. While we appreciate this researcher's report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button."
How can this be avoided?
Meanwhile, Jayaram also offered a solution to the issue.
"This privacy issue could have been avoided if WhatsApp encrypted the user mobile numbers as well as by adding a robots.txt file disallowing the bots from crawling their domain and a meta noindex tag on the pages, unfortunately, they did not do that yet and your privacy may be at stake."
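The two controls named in the quote interact: a crawler that robots.txt keeps away from a page never reads that page's noindex tag, and a blocked URL can still be indexed from links elsewhere. The checker below is an example added here, not code from the researcher or WhatsApp, and classifies a share-link page on that basis. The function name, the result labels and the chat.example URL are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class _RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() in ("robots", "googlebot"):
            content = a.get("content") or ""
            self.directives |= {d.strip().lower() for d in content.split(",")}


def index_exposure(url, robots_txt, headers, html, agent="Googlebot"):
    """Classify how a share-link page is exposed to search indexing."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    crawlable = rp.can_fetch(agent, url)

    meta = _RobotsMeta()
    meta.feed(html)
    header = {d.strip().lower() for d in headers.get("X-Robots-Tag", "").split(",")}
    noindex = bool({"noindex", "none"} & (meta.directives | header))

    if crawlable and noindex:
        return "protected"           # crawler fetches the page and honours noindex
    if crawlable:
        return "indexable"           # nothing keeps the URL out of the index
    if noindex:
        return "noindex-unreadable"  # robots.txt hides the noindex from the crawler
    return "url-only-risk"           # not crawled, but the URL can be indexed via links


if __name__ == "__main__":
    # Constructed sample: fictional host and a 555-01xx placeholder number.
    url = "https://chat.example/15555550100"
    block_all = "User-agent: *\nDisallow: /\n"
    page = '<html><head><meta name="robots" content="noindex"></head></html>'
    print(index_exposure(url, "", {}, "<html></html>"))  # indexable
    print(index_exposure(url, block_all, {}, page))      # noindex-unreadable
    print(index_exposure(url, "", {}, page))             # protected
```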
Original Source: https://www.firstpost.com/news & analysis/whatsapp-privacy-issue-leaks-user-mobile-numbers-that-are-accessible-to-any-internet-user-8459751.html