Cybersecurity researcher claims WhatsApp privacy issue made users' phone numbers searchable in plain text on Google

Anyone including fraudsters, marketing executives, cybercriminals can get hold of your phone number with a simple Google Search.

tech2 News Staff June 08, 2020 14:09:51 IST
Cybersecurity researcher claims WhatsApp privacy issue made users' phone numbers searchable in plain text on Google

An independent cybersecurity researcher, Athul Jayaram, has revealed that due to a privacy issue, WhatsApp numbers of users from the US, UK, India and many other countries have been leaked and are available on the open web in plain text.

Jayaram revealed this in a post on MediumHe claims that around 29,000-3,00,000 WhatsApp user's mobile numbers are now accessible in plain text to any internet user.

Cybersecurity researcher claims WhatsApp privacy issue made users phone numbers searchable in plain text on Google

Image: Reuters

He explains that WhatsApp offers a Click to Chat feature that lets users create a link that can be shared anywhere like Twitter and just by clicking at that link, anyone can contact them on WhatsApp. Because of the privacy loophole, the feature was reportedly putting phone numbers of users at a risk by allowing Google Search to index the links. As a consequence, these phone numbers can show up in Google Search.

He says anyone including cybercriminals, fraudsters, and marketing executives can get a hold of these numbers by putting a simple Google Search query: site:wa.me<+country code>. They can even look at your WhatsApp display picture and status if you have made them public.

Cybersecurity researcher claims WhatsApp privacy issue made users phone numbers searchable in plain text on Google

Image: Medium

We reached out to WhatsApp to learn more about the security issue. A company spokesperson said, "Our Click to Chat feature, which lets users create a URL with their phone number so that anyone can easily message them, is used widely by small and microbusinesses around the world to connect with their customers. While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.”

How can this be avoided?

Meanwhile, Jayaram also offered a solution to the issue.

"This privacy issue could have been avoided if WhatsApp encrypted the user mobile numbers as well as by adding a robots.txt file disallowing the bots from crawling their domain and a meta noindex tag on the pages, unfortunately, they did not do that yet and your privacy may be at stake."

Updated Date:

Subscribe to Moneycontrol Pro at ₹499 for the first year. Use code PRO499. Limited period offer. *T&C apply

also read

Suspected Russian hack in Texas-based SolarWinds fuels new US action on cybersecurity
World

Suspected Russian hack in Texas-based SolarWinds fuels new US action on cybersecurity

The hackers had unfettered access to the data and email of at least nine US government agencies and about 100 private companies, with the full extent of the compromise still unknown

App-ology: 10 apps masquerading as genuine alternatives to crowd-favourite apps
News &amp; Analysis

App-ology: 10 apps masquerading as genuine alternatives to crowd-favourite apps

The idea of ‘Atmanirbhar Bharat’ has caused a spike in the number of made-in-India apps that are nothing but a copy of the originals, which have either been developed or are based overseas.

Facebook took down 26.9 million pieces of hate speech content in the December 2020 quarter
News &amp; Analysis

Facebook took down 26.9 million pieces of hate speech content in the December 2020 quarter

Facebook says hate speech content on its platforms declined to 7-8 views for every 10,000 content views globally.