Cybersecurity researcher claims WhatsApp privacy issue made users' phone numbers searchable in plain text on Google
Anyone, including fraudsters, marketing executives and cybercriminals, can get hold of your phone number with a simple Google search.
An independent cybersecurity researcher, Athul Jayaram, has revealed that due to a privacy issue, WhatsApp numbers of users from the US, UK, India and many other countries have been leaked and are available on the open web in plain text.
Jayaram revealed this in a post on Medium. He claims that around 29,000-3,00,000 WhatsApp users' mobile numbers are now accessible in plain text to any internet user.
He explains that WhatsApp offers a Click to Chat feature that lets users create a link that can be shared anywhere, such as on Twitter; by clicking on that link, anyone can contact them on WhatsApp. Because of the privacy loophole, the feature was reportedly putting users' phone numbers at risk by allowing Google Search to index the links. As a consequence, these phone numbers can show up in Google Search.
He says anyone, including cybercriminals, fraudsters and marketing executives, can get hold of these numbers by entering a simple Google Search query: site:wa.me<+country code>. They can even look at your WhatsApp display picture and status if you have made them public.
We reached out to WhatsApp to learn more about the security issue. A company spokesperson said, "Our Click to Chat feature, which lets users create a URL with their phone number so that anyone can easily message them, is used widely by small and microbusinesses around the world to connect with their customers. While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button."
How can this be avoided?
Meanwhile, Jayaram also offered a solution to the issue.
"This privacy issue could have been avoided if WhatsApp encrypted the user mobile numbers as well as by adding a robots.txt file disallowing the bots from crawling their domain and a meta noindex tag on the pages, unfortunately, they did not do that yet and your privacy may be at stake."
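The two crawler controls named in the quote above interact. A robots.txt Disallow stops a search engine such as Google from fetching a page, so a noindex tag on that page is never read, and a URL that other sites link to can still be listed, which matters here because the Click to Chat URL itself carries the phone number. The following check is an added example, not code from the article, the researcher or WhatsApp; the function name audit_indexing, the host chat.example and the sample number are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots"|"googlebot" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}


def audit_indexing(url, robots_txt, headers, html, agent="Googlebot"):
    """Return (verdict, reason) for one page, using data that was already fetched."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    crawlable = rp.can_fetch(agent, url)

    meta = RobotsMeta()
    meta.feed(html)
    hdrs = {k.lower(): v for k, v in headers.items()}
    header = {d.strip().lower() for d in hdrs.get("x-robots-tag", "").split(",")}
    noindex = bool({"noindex", "none"} & (meta.directives | header))

    if crawlable and noindex:
        return "protected", "crawler can fetch the page and reads noindex"
    if noindex:
        return "conflict", "robots.txt blocks the fetch, so noindex is never read"
    if not crawlable:
        return "url-only", "content is not crawled, but a linked URL can still be listed"
    return "indexable", "nothing stops the page being indexed"


if __name__ == "__main__":
    # Constructed sample data: reserved .example host, fictional 555-01xx number.
    url = "https://chat.example/15555550100"
    block_all = "User-agent: *\nDisallow: /\n"
    tagged = '<html><head><meta name="robots" content="noindex"></head></html>'
    for robots, page in [("", "<html></html>"), (block_all, "<html></html>"),
                         (block_all, tagged), ("", tagged)]:
        print(audit_indexing(url, robots, {}, page))
```

Only the "protected" verdict keeps a number-bearing URL out of search results; "conflict" and "url-only" both leave the URL listable.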