A team of researchers from the University of Vienna discovered a serious security vulnerability in WhatsApp. It was such a flaw that thousands of user contact numbers could have been exposed. If used by anyone, it would have constituted one of the largest data leaks on record. WhatsApp regularly introduces new functions and invests in the protection of privacy; however, this vulnerability has demonstrated that some features may lead to unexpected risks.
How the Flaw Worked
WhatsApp allows users to check whether a given phone number is active on the platform by saving it. The instant messaging application displays basic details such as a profile photo and name. Communication thus is easy. Researchers said this could be misused. This system can then check millions of numbers in sequence using a computer program. It identifies which numbers are active on WhatsApp.
Such a method could be used by hackers or data collecting groups to scrape users' phone numbers, profile photos, and names worldwide. This would raise very serious privacy concerns.
Meta's Response
Due to this weakness, researchers managed to find the phone numbers of about 30 million U.S. users in just 30 minutes. They then deleted the database after this test and notified Meta, the parent company of WhatsApp. In turn, Meta thanked the research team and discussed the weakness with them. According to them, they looked at the issue and found possible fixes. Meta also elucidated that there is no evidence of misuse so far.
Tags Cloud
