WhatsApp is once again in the limelight after independent cybersecurity researcher Athul Jayaram found the mobile numbers of multiple WhatsApp users via Google search.
The researcher claims that he has discovered a privacy issue in the WhatsApp web portal that has leaked around 300,000 WhatsApp users' phone numbers in plain text, where they can be easily accessed by any internet user. He notes that the users affected by this issue are largely from the United States, United Kingdom, India and other countries.
The problem lies in the Click to Chat option, which lets websites initiate a WhatsApp chat session with website visitors. As per a report by Threatpost, the mobile numbers appear in Google search results, “because search engines index Click to Chat metadata. The phone numbers are revealed as part of a URL string.”
Jayaram says that this will make it easier for spammers to compile a database of these phone numbers to mount campaigns. “As individual phone numbers are leaked, an attacker can message them, call them, sell their phone numbers to marketers, spammers, scammers,” he said.
The report further highlights that Jayaram contacted WhatsApp owner Facebook about this issue on May 23; however, Facebook said that data abuse is only covered for Facebook platforms and not for WhatsApp. Jayaram additionally noted, “with a big user base, they should care about these vulnerabilities. Today your mobile number is linked to your Bitcoin wallets, Aadhaar, bank accounts, UPI, Credit cards leading an attacker to perform SIM card swapping, and cloning attacks by knowing your mobile number is another possibility.” To find out whether your mobile number appears on Google Search, type site:wa.me followed by <country code> and your mobile number.
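For site owners who publish Click to Chat links, the following added example (not from the researcher or from WhatsApp) audits a page's HTML for links that carry a phone number in the URL string, as described above, and reports them masked. The sample page and its numbers are constructed, and the api.whatsapp.com/send?phone= form is checked in addition to the wa.me form the article names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample page; the phone numbers are made-up placeholders.
SAMPLE_HTML = """
<html><body>
<a href="https://wa.me/15550100123">Chat with sales</a>
<a href="https://wa.me/15550100123?text=Hello">Chat with sales (prefilled)</a>
<a href="https://api.whatsapp.com/send?phone=445550100456">Support</a>
<a href="https://example.com/contact">Contact form</a>
</body></html>
"""

def number_in_url(href):
    """Return the digits of a phone number embedded in a Click to Chat URL, else None."""
    url = urlparse(href)
    host = (url.hostname or "").lower()
    if host == "wa.me":
        candidate = url.path.strip("/")            # https://wa.me/<number>
    elif host == "api.whatsapp.com" and url.path.rstrip("/") == "/send":
        candidate = parse_qs(url.query).get("phone", [""])[0]
    else:
        return None
    digits = candidate.strip(" +")                 # tolerate a leading "+"
    return digits if re.fullmatch(r"\d{7,15}", digits) else None

def mask(digits):
    """Keep only the last four digits so the audit report does not repeat the leak."""
    return "*" * (len(digits) - 4) + digits[-4:]

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []                         # (source line, masked number)

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            digits = number_in_url(href)
            if digits:
                self.findings.append((self.getpos()[0], mask(digits)))

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for line, masked in audit(SAMPLE_HTML):
        print(f"line {line}: Click to Chat link exposes number {masked} in its URL")
```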