A WhatsApp security issue potentially revealed phone numbers of billions of users.

Almost every WhatsApp number was on the verge of getting leaked online.
It is easy to determine if a phone number is registered on WhatsApp by searching for the number on the app. If the number is linked to an account, the profile picture and name are visible. Researchers at the University of Vienna in Austria used this method to collect the numbers of 3.5 billion users.
The researchers found that WhatsApp lacked protection against the abuse of its account verification feature. They were able to obtain 30 million U.S. numbers in 30 minutes by exploiting this vulnerability. Their research led to the collection of 3.5 billion WhatsApp numbers globally.
By stepping through sequences of numbers, the researchers could see whether each one was registered. About 57% of these users had their profile picture visible to everyone, allowing the researchers to collect these photos. They could also view the profile text of 29% of the 3.5 billion users.
Meta, WhatsApp's parent company, was informed of the flaw in 2017 by other researchers. However, Meta did not act on it, leaving the account verification process vulnerable.
In April, the Austrian researchers shared their findings with Meta, explaining the security risk. The flaw could be used to steal photos and numbers of many users. In October, Meta implemented stricter measures on WhatsApp to prevent large-scale contact discovery. The researchers have since deleted their database of phone numbers and related data.
WhatsApp competitors like Signal already have rate-limiting protection. This prevents the large-scale discovery of contacts that WhatsApp previously allowed.
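The kind of rate limiting described above can be sketched as a server-side budget on how many distinct numbers one client may look up per time window. This is an added example, not WhatsApp's or Signal's code; the class and function names, the thresholds and the sample log are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class DiscoveryLimiter:
    """Budget on distinct numbers a client may look up per sliding window."""

    def __init__(self, max_new_numbers=5, window_seconds=3600):  # assumed values
        self.max_new = max_new_numbers
        self.window = window_seconds
        self._seen = defaultdict(dict)     # client -> {number: first lookup time}
        self._order = defaultdict(deque)   # client -> (time, number), oldest first

    def allow(self, client, number, now):
        order, seen = self._order[client], self._seen[client]
        while order and now - order[0][0] >= self.window:  # drop expired entries
            seen.pop(order.popleft()[1], None)
        if number in seen:
            return True    # re-syncing a known contact costs nothing
        if len(seen) >= self.max_new:
            return False   # budget spent: answer neither "registered" nor "not"
        seen[number] = now
        order.append((now, number))
        return True

def replay(limiter, events):
    """Count refused lookups per client for (time, client, number) events."""
    denied = defaultdict(int)
    for ts, client, number in events:
        if not limiter.allow(client, number, ts):
            denied[client] += 1
    return dict(denied)

def sample_events():
    """Constructed log: one normal address-book sync, one sequential sweep."""
    book = ["+12025550100", "+12025550101", "+12025550102"]  # fictional numbers
    events = [(t, "phone-a", n) for t in range(0, 600, 60) for n in book]
    events += [(i, "client-b", f"+1202555{150 + i:04d}") for i in range(20)]
    return events

if __name__ == "__main__":
    print(replay(DiscoveryLimiter(), sample_events()))
```

Counting distinct numbers rather than raw requests leaves a phone that keeps re-syncing the same address book untouched, while a client that keeps presenting new numbers runs out of budget quickly.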
In 2021, 530 million Facebook users' data was leaked online. This occurred when malicious actors exploited a feature that allowed searching profiles by phone number, similar to the WhatsApp flaw.
WhatsApp offers features like free service, encryption, and group video calls. However, due to the security flaws and data collection, some users are switching to apps like Signal, which collects minimal data and offers advanced privacy features like call relay and screen security.