tech2 News Staff | Jun 08, 2020 14:09:51 IST
An independent cybersecurity researcher, Athul Jayaram, has revealed that due to a privacy issue, WhatsApp numbers of users from the US, UK, India and many other countries have been leaked and are available on the open web in plain text.
Jayaram revealed this in a post on Medium. He claims that the mobile numbers of around 29,000-3,00,000 WhatsApp users are now accessible in plain text to any internet user.
Your Whatsapp number may be leaked in the open web, they don’t care do you? https://t.co/Ku7CfbNIvV #whatsapp #bugbountytips #privacy #security
— Athul Jayaram (@athuljayaram) June 6, 2020
He explains that WhatsApp offers a Click to Chat feature that lets users create a link that can be shared anywhere, such as on Twitter; anyone who clicks that link can contact them on WhatsApp. Because of the privacy loophole, the feature was reportedly putting users' phone numbers at risk by allowing Google Search to index the links. As a consequence, these phone numbers can show up in Google Search.
He says anyone, including cybercriminals, fraudsters and marketing executives, can get hold of these numbers with a simple Google Search query: site:wa.me<+country code>. They can even look at your WhatsApp display picture and status if you have made them public.
We reached out to WhatsApp to learn more about the security issue. A company spokesperson said, "Our Click to Chat feature, which lets users create a URL with their phone number so that anyone can easily message them, is used widely by small and microbusinesses around the world to connect with their customers. While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button."
How can this be avoided?
Meanwhile, Jayaram also offered a solution to the issue.
"This privacy issue could have been avoided if WhatsApp encrypted the user mobile numbers as well as by adding a robots.txt file disallowing the bots from crawling their domain and a meta noindex tag on the pages, unfortunately, they did not do that yet and your privacy may be at stake."