1. You Are At:
  2. English News
  3. Technology
  4. This WhatsApp security issue uploads your mobile number on Google Search

This WhatsApp security issue uploads your mobile number on Google Search

WhatsApp has a functionality that allows users to send messages without saving others' phone numbers

India TV Tech Desk India TV Tech Desk
New Delhi Updated on: June 10, 2020 11:24 IST
whatsapp, whatsapp bug, whatsapp messaging platform, facebook, whatsapp flaw, whatsapp glitch, whats
Image Source : PIXABAY

New WhatsApp flaw discovered

UPDATE: WhatsApp has issued a fix for the same days after the Jayaram found out the security issue. According to a report by TechCrunch, WhatsApp said, "While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button."

WhatsApp has been susceptible to a number of flaws in the past. Now, a new WhatsApp flaw has been discovered that can expose users' mobile numbers on Google Search for anyone to access them. Read on to know more about the latest WhatsApp glitch.

WhatsApp flaw exposes users' phone numbers

As per a report by Threatpost, a cybersecurity researcher Athul Jayaram found a flaw in WhatsApp due to which thousands of WhatsApp numbers can be searched on Google, thus, arising security concerns. It is suggested that up to 3,00,000 phone numbers have been leaked on Google Search in plain text. Additionally, the bug has affected users from India, the US, the UK, and other countries.

The issue resides in WhatsApp's 'Click to Chat' feature that allows users to conduct conversations with people without saving their numbers. The feature generates the URL "https://wa.me/As individual phone numbers are leaked, an attacker can message them, call them, sell their phone numbers to marketers, spammers, scammers."

While only the mobile numbers are exposed on Google Search, users can still access the profile photos related to numbers and hackers can even reverse-search the image to get more information on the person the number and DP belong to. For this, Jayaram suggests that WhatsApp should encrypt users' phone numbers and add 'robots.txt' so that bots can't crawl the domains.

Jayaram contacted Facebook regarding the issue and was informed that the issue doesn't qualify for a bug bounty as only Facebook platforms are included in the program. Additionally, Facebook suggests that this isn't a big deal as the information exposed is the one users choose to make public.

For those who don't know, earlier this year, another bug was found out by a journalist at DW News, suggesting that the WhatsApp invite links for WhatsApp Groups can be indexed by Google, leaving private group links available on Google.

Latest technology reviews, news and more

Write a comment