UPDATE: WhatsApp issued a fix days after Jayaram found the security issue. According to a report by TechCrunch, WhatsApp said, "While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button."
WhatsApp has been susceptible to a number of flaws in the past. Now, a new WhatsApp flaw has been discovered that can expose users' mobile numbers on Google Search, where anyone can access them. Read on to know more about the latest WhatsApp glitch.
WhatsApp flaw exposes users' phone numbers
As per a report by Threatpost, cybersecurity researcher Athul Jayaram found a flaw in WhatsApp that makes thousands of WhatsApp numbers searchable on Google, raising security concerns. It is suggested that up to 3,00,000 phone numbers have been leaked on Google Search in plain text. The bug has affected users from India, the US, the UK, and other countries.
The issue resides in WhatsApp's 'Click to Chat' feature that allows users to conduct conversations with people without saving their numbers. The feature generates the URL "https://wa.me/
While only the mobile numbers are exposed on Google Search, users can still access the profile photos linked to those numbers, and hackers can even reverse-search the image to get more information on the person the number and display picture (DP) belong to. To address this, Jayaram suggests that WhatsApp should encrypt users' phone numbers and add a 'robots.txt' file so that bots can't crawl the domains.
Jayaram contacted Facebook regarding the issue and was informed that it doesn't qualify for a bug bounty, as only Facebook platforms are included in the program. Additionally, Facebook suggests that this isn't a big deal, as the information exposed is information users choose to make public.
For those who don't know, earlier this year a journalist at DW News found another bug: invite links for WhatsApp Groups can be indexed by Google, leaving private group links available on Google.