WhatsApp may have exposed users’ phone numbers on Google search: Report


Facebook-owned instant messaging platform may have exposed its users’ phone number on owing to a vulnerability in its ‘click to share’ feature. The mobile numbers of users are available on in plain text format, according to an independent cybersecurity researcher Athul Jayaram.

web portal has leaked around 29,000 – 3,00,000 user’s mobile numbers in plain text accessible to any internet user. What makes this finding easy or appears to be simple is that data is accessible on the open web and not on the dark web,” wrote Jayaram in his blogpost that was reported by Threatpost.

He added, “This privacy issue could have been avoided if Whatsapp encrypted the user mobile numbers as well as by adding a robots.txt file disallowing the bots from crawling their domain and a meta noindex tag on the pages. Unfortunately, they did not do that yet and your privacy may be at stake.”

ALSO READ: WhatsApp may allow single account sign-in on multiple devices: Details here

Explaining the issue, Jayaram said that the vulnerability is part of WhatsApp ‘click to chat’ feature where user can generate link to invite others. According to Jayaram, WhatsApp does not encrypt the phone number in the link, as a result, if the link is shared anywhere, the phone number is also visible in plaintext.

For example, if a user shares a “click to chat” link on social media platform, it goes with the mobile number mentioned on it in. Anyone with access to the link might, therefore, be able to see the user’s phone number. Moreover, the URLs are accessed by Google Bots for search indexing. Therefore, the link appears in results even if the original post has been removed from the source.

ALSO READ: Facebook’s Google Photos transfer tool now available globally

“This is because https://wa.me do not have a robots.txt file in its server root, which means you cannot stop Google or other search engine bots from crawling and indexing the wa.me links, which means those links will stay in the web. The pages do not have noindex meta tags to prevent any search engines from indexing the links,” said Jayaram.

Jayaram, apparently, raised the issue with Facebook, which reportedly said the “data abuse is only covered for platforms and not WhatsApp”.

Source link


Please enter your comment!
Please enter your name here

Enable Google Transliteration.(To type in English, press Ctrl+g)