 "Cybersecurity researcher claims WhatsApp privacy issue made users' phone numbers searchable in plain text on Google")
An independent cybersecurity researcher, Athul Jayaram, has revealed that due to a privacy issue, WhatsApp numbers of users from the US, UK, India and many other countries have been leaked and are available on the open web in plain text. Jayaram revealed this
in a post on Medium. He claims that around 29,000-3,00,000 WhatsApp user’s mobile numbers are now accessible in plain text to any internet user. [caption id=“attachment_8036591” align=“alignnone” width=“1024”] Image: Reuters[/caption]
He explains that WhatsApp offers a Click to Chat feature that lets users create a link that can be shared anywhere like Twitter and just by clicking at that link, anyone can contact them on WhatsApp. Because of the privacy loophole, the feature was reportedly putting phone numbers of users at a risk by allowing Google Search to index the links. As a consequence, these phone numbers can show up in Google Search. He says anyone including cybercriminals, fraudsters, and marketing executives can get a hold of these numbers by putting a simple Google Search query: site:wa.me<+country code>. They can even look at your WhatsApp display picture and status if you have made them public. [caption id=“attachment_8460071” align=“alignnone” width=“600”] Image: Medium[/caption] We reached out to WhatsApp to learn more about the security issue. A company spokesperson said, “Our Click to Chat feature, which lets users create a URL with their phone number so that anyone can easily message them, is used widely by small and microbusinesses around the world to connect with their customers. While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.”
How can this be avoided?
Meanwhile, Jayaram also offered a solution to the issue. “This privacy issue could have been avoided if WhatsApp encrypted the user mobile numbers as well as by adding a robots.txt file disallowing the bots from crawling their domain and a meta noindex tag on the pages, unfortunately, they did not do that yet and your privacy may be at stake.”
 "Charlie Kirk, shot dead in Utah, once said gun deaths are 'worth it' to save Second Amendment")
 "From governance to tourism, how Gen-Z protests have damaged Nepal")
 "Did Russia deliberately send drones into Poland’s airspace?")
 "Netanyahu ‘killed any hope’ for Israeli hostages: Qatar PM after Doha strike")
 "Charlie Kirk, shot dead in Utah, once said gun deaths are 'worth it' to save Second Amendment")
 "From governance to tourism, how Gen-Z protests have damaged Nepal")
 "Did Russia deliberately send drones into Poland’s airspace?")
 "Netanyahu ‘killed any hope’ for Israeli hostages: Qatar PM after Doha strike")
