WhatsApp is yet again in talks because of a bug which might have revealed phones numbers of its users in Google search. The information was revealed by cybersecurity researcher Athul Jayaram in a medium blog post. As per his words, WhatsApp bug has exposed the phone numbers of nearly 29,000 to 300,00 users online. He also stated that major countries affected from the bug are the United States, United Kingdom and India. However, all other countries are also affected by the bug. Jayaram also stated that the bug was easily identified because the phone numbers of WhatsApp users were leaked on the open web instead of the dark web.
WhatsApp Click to Chat Feature Have Exposed Phone Numbers of Users
Jayaram reported that Click to Chat feature of WhatsApp exposed the phone number of users on Google search. The specific feature of the Facebook-owned app allows users to generate links and share it with anyone. However, these links do not encrypt the phone number of users, and the phone numbers of users are visible on the plaintext. Also, once the link has been shared with anyone, it cannot be revoked by the user. Jayaram also explained the entire case with an example and stated that the link which WhatsApp creates does not have robots.txt file in the server root. As a result, search engines like Google and others can crawl up and index the links which will stay on the web. Due to the glitch, several cybercriminal and attackers could target the users whose personal phone numbers have been listed on Google search. Jayaram also reached out to WhatsApp and Facebook with his report.
WhatsApp Rejects the Report
The Facebook-owned app WhatsApp rejected the report of Jayram and stated that it appreciates and value the work and time which the researcher put in the report. However, it does not qualify for inspection as it contained a search engine index of links that users have chosen to make public. A WhatsApp spokesperson stated that all WhatsApp users, including businesses, can block unwanted messages with the tap of a button.
